GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,412
Erlang
28
GitHub Actions
16
Go
1,649
Maven
4,914
npm
3,437
NuGet
594
pip
2,682
Pub
10
RubyGems
822
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+
644 advisories
Filter by severity
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3...
Moderate
Unreviewed
CVE-2024-25026
was published
Apr 25, 2024
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Moderate
CVE-2024-31208
was published
for
matrix-synapse
(pip)
Apr 23, 2024
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar...
High
Unreviewed
CVE-2024-1666
was published
Apr 16, 2024
lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing...
Moderate
Unreviewed
CVE-2024-1665
was published
Apr 16, 2024
Cosign malicious artifacts can cause machine-wide DoS
Moderate
CVE-2024-29903
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
Cosign malicious attachments can cause system-wide denial of service
Moderate
CVE-2024-29902
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a...
High
Unreviewed
CVE-2024-3382
was published
Apr 10, 2024
lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient...
Moderate
Unreviewed
CVE-2024-1599
was published
Apr 10, 2024
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36...
Low
Unreviewed
CVE-2024-26276
was published
Apr 9, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High
GHSA-w8gf-g2vq-j2f4
was published
for
amphp/http-client
(Composer)
Apr 3, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.
Low
Unreviewed
CVE-2024-29086
was published
Apr 2, 2024
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged...
High
Unreviewed
CVE-2020-11862
was published
Mar 14, 2024
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Moderate
CVE-2024-28102
was published
for
jwcrypto
(pip)
Mar 6, 2024
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS...
High
Unreviewed
CVE-2024-20321
was published
Feb 29, 2024
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service...
Moderate
Unreviewed
CVE-2022-34357
was published
Feb 26, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
High
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP)...
High
Unreviewed
CVE-2024-23979
was published
Feb 14, 2024
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time...
High
Unreviewed
CVE-2024-21771
was published
Feb 14, 2024
Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers...
High
Unreviewed
CVE-2023-50387
was published
Feb 14, 2024
Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial...
Moderate
Unreviewed
CVE-2024-21875
was published
Feb 11, 2024
In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of...
High
Unreviewed
CVE-2023-52427
was published
Feb 11, 2024
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP...
Moderate
Unreviewed
CVE-2023-45028
was published
Feb 2, 2024
ProTip!
Advisories are also available from the
GraphQL API