Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,048 advisories

Loading
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected... Moderate Unreviewed
CVE-2024-46891 was published Nov 12, 2024
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Undertow Denial of Service vulnerability Moderate
CVE-2023-1973 was published for io.undertow:undertow-core (Maven) Nov 7, 2024
A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7... Moderate Unreviewed
CVE-2024-10599 was published Nov 1, 2024
Gnark out-of-memory during deserialization with crafted inputs Moderate
CVE-2024-50354 was published for github.com/consensys/gnark (Go) Oct 31, 2024
pventuzelo
The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation... Moderate Unreviewed
CVE-2024-31152 was published Oct 30, 2024
Werkzeug possible resource exhaustion when parsing file data in forms Moderate
CVE-2024-49767 was published for quart (pip) Oct 25, 2024
defnull
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow... Moderate Unreviewed
CVE-2024-20526 was published Oct 23, 2024
A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to... Moderate Unreviewed
CVE-2024-50311 was published Oct 22, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate
CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024
HRsGIT
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2024-45736 was published Oct 14, 2024
Eclipse Jetty has a denial of service vulnerability on DosFilter Moderate
CVE-2024-9823 was published for org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) Oct 14, 2024
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before... Moderate Unreviewed
CVE-2023-25769 was published Oct 10, 2024
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters Moderate
CVE-2024-45230 was published for Django (pip) Oct 8, 2024
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series... Moderate Unreviewed
CVE-2024-20502 was published Oct 2, 2024
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series... Moderate Unreviewed
CVE-2024-20500 was published Oct 2, 2024
A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected... Moderate Unreviewed
CVE-2024-9358 was published Oct 1, 2024
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain... Moderate Unreviewed
CVE-2024-8454 was published Sep 30, 2024
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events Moderate
CVE-2024-47003 was published for github.com/mattermost/mattermost/server/v8 (Go) Sep 26, 2024
c0rydoras
Denial of service in rocket chat message parser Moderate
CVE-2024-46935 was published for @rocket.chat/message-parser (npm) Sep 25, 2024
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify... Moderate Unreviewed
CVE-2024-8892 was published Sep 18, 2024
vLLM Denial of Service via the best_of parameter Moderate
CVE-2024-8939 was published for vllm (pip) Sep 17, 2024
PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column)... Moderate Unreviewed
CVE-2024-41434 was published Sep 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database