GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
61 advisories
Filter by severity
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Moderate
CVE-2023-33958
was published
for
github.com/notaryproject/notation
(Go)
Jun 6, 2023
avro vulnerable to denial of service via attacker-controlled parameter
High
CVE-2023-37475
was published
for
github.com/hamba/avro
(Go)
Jul 17, 2023
Denial of service from large image
Low
CVE-2023-37900
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Possible image tampering from missing image validation for Packages
High
CVE-2023-38495
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Rekor's compressed archives can result in OOM conditions
High
CVE-2023-30551
was published
for
github.com/sigstore/rekor
(Go)
May 3, 2023
notation-go's verification bypass can cause users to verify the wrong artifact
High
CVE-2023-33959
was published
for
github.com/notaryproject/notation-go
(Go)
Jun 6, 2023
VTAdmin users that can create shards can deny access to other functions
Moderate
CVE-2023-29195
was published
for
vitess.io/vitess
(Go)
May 11, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Moderate
CVE-2023-48713
was published
for
knative.dev/serving
(Go)
Nov 27, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
containerd CRI plugin: Host memory exhaustion through ExecSync
Moderate
CVE-2022-31030
was published
for
github.com/containerd/containerd
(Go)
Jun 6, 2022
Notation vulnerable to denial of service from high number of artifact signatures
Moderate
CVE-2023-33957
was published
for
github.com/notaryproject/notation
(Go)
Jun 6, 2023
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Cosign malicious attachments can cause system-wide denial of service
Moderate
CVE-2024-29902
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
Cosign malicious artifacts can cause machine-wide DoS
Moderate
CVE-2024-29903
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint
Moderate
CVE-2024-35185
was published
for
github.com/stacklok/minder
(Go)
May 16, 2024
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate
CVE-2023-29194
was published
for
vitess.io/vitess
(Go)
Apr 11, 2023
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate
CVE-2024-35194
was published
for
github.com/stacklok/minder
(Go)
May 20, 2024
Denial of service of Minder Server from maliciously crafted GitHub attestations
Moderate
CVE-2024-35238
was published
for
github.com/stacklok/minder
(Go)
May 28, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate
CVE-2024-37904
was published
for
github.com/stacklok/minder
(Go)
Jun 18, 2024
Insecure random string generator used for sensitive data
Moderate
CVE-2023-46740
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS leaks magic secret key when starting Blobstore access service
Moderate
CVE-2023-46741
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
ProTip!
Advisories are also available from the
GraphQL API