GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
299 advisories
Filter by severity
REXML denial of service vulnerability
Moderate
CVE-2024-39908
was published
for
rexml
(RubyGems)
Jul 16, 2024
REXML contains a denial of service vulnerability
Moderate
CVE-2024-35176
was published
for
rexml
(RubyGems)
May 16, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
CVE-2024-3651
was published
for
idna
(pip)
Apr 11, 2024
zipp Denial of Service vulnerability
Moderate
CVE-2024-5569
was published
for
zipp
(pip)
Jul 9, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
Moderate
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Moderate
GHSA-mhpq-9638-x6pw
was published
for
github.com/dvsekhvalnov/jose2go
(Go)
Dec 20, 2023
gqlparser denial of service vulnerability via the parserDirectives function
Moderate
CVE-2023-49559
was published
for
github.com/vektah/gqlparser
(Go)
Jun 12, 2024
Apache Superset uncontrolled resource consumption
Moderate
CVE-2023-46104
was published
for
apache-superset
(pip)
Dec 19, 2023
Duplicate Advisory: Apache Superset uncontrolled resource consumption
Moderate
CVE-2024-23952
was published
for
apache-superset
(pip)
May 30, 2024
•
withdrawn
Improper line feed handling in zenml
Moderate
CVE-2024-4460
was published
for
zenml
(pip)
Jun 24, 2024
netty-handler SniHandler 16MB allocation
Moderate
CVE-2023-34462
was published
for
io.netty:netty-handler
(Maven)
Jun 20, 2023
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate
CVE-2024-37904
was published
for
github.com/stacklok/minder
(Go)
Jun 18, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain-community
(pip)
Jun 6, 2024
Denial of service in Kubernetes
Moderate
CVE-2020-8557
was published
for
k8s.io/kubernetes/pkg/kubelet
(Go)
Apr 24, 2024
moby docker daemon crash during image pull of malicious image
Moderate
CVE-2021-21285
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
CVE-2024-28863
was published
for
node-tar
(npm)
Mar 22, 2024
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Moderate
GHSA-pmxp-7224-h794
was published
for
typo3/cms
(Composer)
Jun 4, 2024
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Moderate
CVE-2023-36799
was published
for
Microsoft.NETCore.App.Runtime.linux-arm
(NuGet)
Sep 12, 2023
Mattermost vulnerable to denial of service via large number of emoji reactions
Moderate
CVE-2024-1402
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Tendermint Core vulnerable to Uncontrolled Resource Consumption
Moderate
CVE-2021-21271
was published
for
github.com/tendermint/tendermint
(Go)
Oct 7, 2022
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
SilverStripe framework XML Quadratic Blowup Attack
Moderate
GHSA-g43w-98wp-m694
was published
for
silverstripe/framework
(Composer)
May 23, 2024
ProTip!
Advisories are also available from the
GraphQL API