GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
740 advisories
Filter by severity
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Moderate
CVE-2024-31208
was published
for
matrix-synapse
(pip)
Apr 23, 2024
lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing...
Moderate
Unreviewed
CVE-2024-1665
was published
Apr 16, 2024
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar...
High
Unreviewed
CVE-2024-1666
was published
Apr 16, 2024
Cosign malicious artifacts can cause machine-wide DoS
Moderate
CVE-2024-29903
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
Cosign malicious attachments can cause system-wide denial of service
Moderate
CVE-2024-29902
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a...
High
Unreviewed
CVE-2024-3382
was published
Apr 10, 2024
lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient...
Moderate
Unreviewed
CVE-2024-1599
was published
Apr 10, 2024
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36...
Low
Unreviewed
CVE-2024-26276
was published
Apr 9, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to...
High
Unreviewed
CVE-2024-27316
was published
Apr 4, 2024
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is vulnerable to a denial of...
Moderate
Unreviewed
CVE-2024-27268
was published
Apr 4, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High
GHSA-w8gf-g2vq-j2f4
was published
for
amphp/http-client
(Composer)
Apr 3, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.
Low
Unreviewed
CVE-2024-29086
was published
Apr 2, 2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of...
Moderate
Unreviewed
CVE-2024-22353
was published
Mar 31, 2024
An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1....
High
Unreviewed
CVE-2023-43768
was published
Mar 27, 2024
VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via...
High
Unreviewed
CVE-2024-26577
was published
Mar 27, 2024
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged...
High
Unreviewed
CVE-2020-11862
was published
Mar 14, 2024
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Moderate
CVE-2024-28102
was published
for
jwcrypto
(pip)
Mar 6, 2024
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5...
High
Unreviewed
CVE-2024-26461
was published
Feb 29, 2024
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS...
High
Unreviewed
CVE-2024-20321
was published
Feb 29, 2024
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service...
Moderate
Unreviewed
CVE-2022-34357
was published
Feb 26, 2024
Due to an allocation of resources without limits, an uncontrolled resource consumption...
Moderate
Unreviewed
CVE-2023-51393
was published
Feb 23, 2024
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23...
Moderate
Unreviewed
CVE-2024-0563
was published
Feb 23, 2024
ProTip!
Advisories are also available from the
GraphQL API