Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,412
Erlang
28
GitHub Actions
16
Go
1,649
Maven
4,914
npm
3,437
NuGet
594
pip
2,682
Pub
10
RubyGems
822
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+

644 advisories

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3... Moderate Unreviewed
CVE-2024-25026 was published Apr 25, 2024
Synapse V2 state resolution weakness allows Denial of Service (DoS) Moderate
CVE-2024-31208 was published for matrix-synapse (pip) Apr 23, 2024
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar... High Unreviewed
CVE-2024-1666 was published Apr 16, 2024
lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing... Moderate Unreviewed
CVE-2024-1665 was published Apr 16, 2024
Cosign malicious artifacts can cause machine-wide DoS Moderate
CVE-2024-29903 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz DavidKorczynski
Cosign malicious attachments can cause system-wide denial of service Moderate
CVE-2024-29902 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a... High Unreviewed
CVE-2024-3382 was published Apr 10, 2024
lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient... Moderate Unreviewed
CVE-2024-1599 was published Apr 10, 2024
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36... Low Unreviewed
CVE-2024-26276 was published Apr 9, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood Moderate
GHSA-q6cp-qfwq-4gcv was published for h2 (Rust) Apr 5, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames High
GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024
bartekn
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024
marten-seemann
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. Low Unreviewed
CVE-2024-29086 was published Apr 2, 2024
Netty's HttpPostRequestDecoder can OOM Moderate
CVE-2024-29025 was published for io.netty:netty-codec-http (Maven) Mar 25, 2024
vietj
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged... High Unreviewed
CVE-2020-11862 was published Mar 14, 2024
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function Moderate
CVE-2024-28102 was published for jwcrypto (pip) Mar 6, 2024
P3ngu1nW
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS... High Unreviewed
CVE-2024-20321 was published Feb 29, 2024
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service... Moderate Unreviewed
CVE-2022-34357 was published Feb 26, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file High
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP)... High Unreviewed
CVE-2024-23979 was published Feb 14, 2024
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time... High Unreviewed
CVE-2024-21771 was published Feb 14, 2024
Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers... High Unreviewed
CVE-2023-50387 was published Feb 14, 2024
Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial... Moderate Unreviewed
CVE-2024-21875 was published Feb 11, 2024
In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of... High Unreviewed
CVE-2023-52427 was published Feb 11, 2024
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP... Moderate Unreviewed
CVE-2023-45028 was published Feb 2, 2024
ProTip! Advisories are also available from the GraphQL API