GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
395 advisories
Filter by severity
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x...
High
Unreviewed
CVE-2023-22323
was published
Feb 1, 2023
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via...
High
Unreviewed
CVE-2023-25193
was published
Feb 4, 2023
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non...
High
Unreviewed
CVE-2022-40513
was published
Feb 12, 2023
Denial of service due to unlimited number of parts
High
CVE-2023-25576
was published
for
@fastify/multipart
(npm)
Feb 14, 2023
High resource usage when parsing multipart form data with many fields
High
CVE-2023-25577
was published
for
Werkzeug
(pip)
Feb 15, 2023
Denial of service vulnerability when parsing multipart request body
High
CVE-2023-25578
was published
for
starlite
(pip)
Feb 15, 2023
Denial of service vulnerability on Password reset page
High
CVE-2023-25171
was published
for
kiwitcms
(pip)
Feb 15, 2023
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification...
High
Unreviewed
CVE-2023-26249
was published
Feb 21, 2023
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method...
High
Unreviewed
CVE-2022-31394
was published
Feb 21, 2023
notation-go has excessive memory allocation on verification
High
CVE-2023-25656
was published
for
github.com/notaryproject/notation-go
(Go)
Feb 22, 2023
A denial of service is possible from excessive resource consumption in net/http and mime...
High
Unreviewed
CVE-2022-41725
was published
Feb 28, 2023
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
Denial of service in Jenkins Core
High
CVE-2023-27901
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
DDOS attack on graphql endpoints
High
CVE-2023-28104
was published
for
silverstripe/graphql
(Composer)
Mar 16, 2023
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple...
High
Unreviewed
CVE-2022-42333
was published
Mar 21, 2023
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
High
CVE-2023-28119
was published
for
github.com/crewjam/saml
(Go)
Mar 22, 2023
GraphQL Java vulnerable to stack consumption
High
CVE-2023-28867
was published
for
com.graphql-java:graphql-java
(Maven)
Mar 27, 2023
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs...
High
Unreviewed
CVE-2023-24536
was published
Apr 6, 2023
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ...
High
Unreviewed
CVE-2022-43768
was published
Apr 11, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4...
High
Unreviewed
CVE-2023-0383
was published
Apr 20, 2023
IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6...
High
Unreviewed
CVE-2023-27556
was published
Apr 28, 2023
Rekor's compressed archives can result in OOM conditions
High
CVE-2023-30551
was published
for
github.com/sigstore/rekor
(Go)
May 3, 2023
ProTip!
Advisories are also available from the
GraphQL API