GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
270 advisories
Wildfly vulnerable to denial of service
Moderate | CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) | May 2, 2024

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3...
Moderate | Unreviewed | CVE-2024-25026 was published | Apr 25, 2024

Synapse V2 state resolution weakness allows Denial of Service (DoS)
Moderate | CVE-2024-31208 was published for matrix-synapse (pip) | Apr 23, 2024

lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing...
Moderate | Unreviewed | CVE-2024-1665 was published | Apr 16, 2024

Cosign malicious artifacts can cause machine-wide DoS
Moderate | CVE-2024-29903 was published for github.com/sigstore/cosign (Go) | Apr 11, 2024

Cosign malicious attachments can cause system-wide denial of service
Moderate | CVE-2024-29902 was published for github.com/sigstore/cosign (Go) | Apr 11, 2024

lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient...
Moderate | Unreviewed | CVE-2024-1599 was published | Apr 10, 2024

h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate | GHSA-q6cp-qfwq-4gcv was published for h2 (Rust) | Apr 5, 2024

Netty's HttpPostRequestDecoder can OOM
Moderate | CVE-2024-29025 was published for io.netty:netty-codec-http (Maven) | Mar 25, 2024

JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Moderate | CVE-2024-28102 was published for jwcrypto (pip) | Mar 6, 2024

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service...
Moderate | Unreviewed | CVE-2022-34357 was published | Feb 26, 2024

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial...
Moderate | Unreviewed | CVE-2024-21875 was published | Feb 11, 2024

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP...
Moderate | Unreviewed | CVE-2023-45028 was published | Feb 2, 2024

Memory over-allocation in evm crate
Moderate | CVE-2021-29511 was published for evm (Rust) | Jan 30, 2024

OpenFGA denial of service
Moderate | CVE-2024-23820 was published for github.com/openfga/openfga (Go) | Jan 26, 2024

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0...
Moderate | Unreviewed | CVE-2023-37934 was published | Jan 10, 2024

CRI-O's pods can break out of resource confinement on cgroupv2
Moderate | CVE-2023-6476 was published for github.com/cri-o/cri-o (Go) | Jan 10, 2024

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation...
Moderate | Unreviewed | CVE-2024-22164 was published | Jan 9, 2024

Authenticated users can crash the CubeFS servers with maliciously crafted requests
Moderate | CVE-2023-46738 was published for github.com/cubefs/cubefs (Go) | Jan 3, 2024

An allocation of resources without limits or throttling vulnerability in the Schweitzer...
Moderate | Unreviewed | CVE-2023-34389 was published | Nov 30, 2023

Apache Superset Allocation of Resources Without Limits or Throttling vulnerability
Moderate | CVE-2023-42504 was published for apache-superset (pip) | Nov 28, 2023

LibreNMS vulnerable to rate limiting bypass on login page
Moderate | CVE-2023-46745 was published for librenms/librenms (Composer) | Nov 17, 2023

Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating...
Moderate | Unreviewed | CVE-2023-29973 was published | Oct 25, 2023

Allocation of Resources Without Limits or Throttling in vriteio/vrite
Moderate | CVE-2023-5573 was published for @vrite/sdk (npm) | Oct 13, 2023

matrix-synapse vulnerable to denial of service due to malicious server ACL events
Moderate | CVE-2023-45129 was published for matrix-synapse (pip) | Oct 10, 2023
ProTip! Advisories are also available from the GraphQL API.