Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

299 advisories

Loading
REXML denial of service vulnerability Moderate
CVE-2024-39908 was published for rexml (RubyGems) Jul 16, 2024
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Directus GraphQL Field Duplication Denial of Service (DoS) Moderate
CVE-2024-39895 was published for @directus/env (npm) Jul 8, 2024
asantof
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023
gqlparser denial of service vulnerability via the parserDirectives function Moderate
CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) Jun 12, 2024
Apache Superset uncontrolled resource consumption Moderate
CVE-2023-46104 was published for apache-superset (pip) Dec 19, 2023
Duplicate Advisory: Apache Superset uncontrolled resource consumption Moderate
CVE-2024-23952 was published for apache-superset (pip) May 30, 2024 withdrawn
Improper line feed handling in zenml Moderate
CVE-2024-4460 was published for zenml (pip) Jun 24, 2024
netty-handler SniHandler 16MB allocation Moderate
CVE-2023-34462 was published for io.netty:netty-handler (Maven) Jun 20, 2023
vietj
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle
Eclipse Vert.x vulnerable to a memory leak in TCP servers Moderate
CVE-2024-1300 was published for io.vertx:vertx-core (Maven) Apr 2, 2024
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain-community (pip) Jun 6, 2024
eyurtsev efriis
Denial of service in Kubernetes Moderate
CVE-2020-8557 was published for k8s.io/kubernetes/pkg/kubelet (Go) Apr 24, 2024
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
bgeesaman joshlarsen
IanColdwater mauilion raesene cpuguy83 neersighted
Elasticsearch Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-23450 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Denial of service while parsing a tar file due to lack of folders count validation Moderate
CVE-2024-28863 was published for node-tar (npm) Mar 22, 2024
DEMON1A AlmogApiiro
ebickle
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search Moderate
GHSA-pmxp-7224-h794 was published for typo3/cms (Composer) Jun 4, 2024
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Moderate
CVE-2023-36799 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Sep 12, 2023
Mattermost vulnerable to denial of service via large number of emoji reactions Moderate
CVE-2024-1402 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
c0rydoras
Tendermint Core vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2021-21271 was published for github.com/tendermint/tendermint (Go) Oct 7, 2022
cmwaters melekes
cyril-crypto brianatcrypto tomtau yihuang
Bouncy Castle Denial of Service (DoS) Moderate
CVE-2023-33202 was published for org.bouncycastle:bcpkix-jdk18on (Maven) Nov 23, 2023
ind-team ebickle
Ghcml mpihelgas
SilverStripe framework XML Quadratic Blowup Attack Moderate
GHSA-g43w-98wp-m694 was published for silverstripe/framework (Composer) May 23, 2024
ProTip! Advisories are also available from the GraphQL API