Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

111 advisories

Loading
Denial of service of Minder Server from maliciously crafted GitHub attestations Moderate
CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
AdamKorcz DavidKorczynski
Wildfly vulnerable to denial of service Moderate
CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) May 2, 2024
Synapse V2 state resolution weakness allows Denial of Service (DoS) Moderate
CVE-2024-31208 was published for matrix-synapse (pip) Apr 23, 2024
alexeyshch
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
skanejohan
Cosign malicious artifacts can cause machine-wide DoS Moderate
CVE-2024-29903 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz DavidKorczynski
Cosign malicious attachments can cause system-wide denial of service Moderate
CVE-2024-29902 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz
h2 servers vulnerable to degradation of service with CONTINUATION Flood Moderate
GHSA-q6cp-qfwq-4gcv was published for h2 (Rust) Apr 5, 2024
Mattermost Server doesn't limit the number of user preferences Moderate
CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
Netty's HttpPostRequestDecoder can OOM Moderate
CVE-2024-29025 was published for io.netty:netty-codec-http (Maven) Mar 25, 2024
vietj
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function Moderate
CVE-2024-28102 was published for jwcrypto (pip) Mar 6, 2024
P3ngu1nW
Mattermost fails to limit the number of role names Moderate
CVE-2024-1953 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Liferay Portal vulnerable to Denial of Service Moderate
CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Moderate
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd astashys
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
OpenFGA denial of service Moderate
CVE-2024-23820 was published for github.com/openfga/openfga (Go) Jan 26, 2024
CRI-O's pods can break out of resource confinement on cgroupv2 Moderate
CVE-2023-6476 was published for github.com/cri-o/cri-o (Go) Jan 10, 2024
Tal-or
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability Moderate
CVE-2023-42504 was published for apache-superset (pip) Nov 28, 2023
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337
Allocation of Resources Without Limits or Throttling in vriteio/vrite Moderate
CVE-2023-5573 was published for @vrite/sdk (npm) Oct 13, 2023
matrix-synapse vulnerable to denial of service due to malicious server ACL events Moderate
CVE-2023-45129 was published for matrix-synapse (pip) Oct 10, 2023
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal Moderate
CVE-2023-25822 was published for com.epam.reportportal:service-api (Maven) Oct 10, 2023
plone.rest vulnerable to Denial of Service when ++api++ is used many times Moderate
CVE-2023-42457 was published for plone.rest (pip) Sep 21, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial
RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-4138 was published for rdiffweb (pip) Aug 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database