GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
429 advisories
Filter by severity
Missing connection timeout in Aardvark-dns
High
CVE-2024-8418
was published
for
aardvark-dns
(Rust)
Sep 4, 2024
Flowise Unauthenticated Denial of Service (DoS) vulnerability
High
CVE-2024-8182
was published
for
flowise
(npm)
Aug 27, 2024
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
High
CVE-2024-38168
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 13, 2024
fast-xml-parser vulnerable to ReDOS at currency parsing
High
CVE-2024-41818
was published
for
fast-xml-parser
(npm)
Jul 29, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 22, 2024
Fiona affected by CVE-2020-14152 related to madler-zlib
High
GHSA-g4m4-9q4c-mfw6
was published
for
fiona
(pip)
Jul 16, 2024
Next.js Denial of Service (DoS) condition
High
CVE-2024-39693
was published
for
next
(npm)
Jul 10, 2024
speaker vulnerable to Denial of Service
High
CVE-2024-21526
was published
for
speaker
(npm)
Jul 10, 2024
images vulnerable to Denial of Service
High
CVE-2024-21523
was published
for
images
(npm)
Jul 10, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
High
CVE-2024-30105
was published
for
System.Text.Json
(NuGet)
Jul 9, 2024
Apache Tomcat - Denial of Service
High
CVE-2024-34750
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 3, 2024
h2o vulnerable to unexpected POST request shutting down server
High
CVE-2024-5979
was published
for
h2o
(pip)
Jun 27, 2024
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162
was published
for
io.undertow:undertow-core
(Maven)
Jun 20, 2024
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
go-grpc-compression has a zstd decompression bombing vulnerability
High
GHSA-87m9-rv8p-rgmg
was published
for
github.com/mostynb/go-grpc-compression
(Go)
Jun 10, 2024
Soot Infinite Loop vulnerability
High
CVE-2023-46442
was published
for
org.soot-oss:soot
(Maven)
May 24, 2024
Uncontrolled resource consumption in braces
High
CVE-2024-4068
was published
for
braces
(npm)
May 14, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High
CVE-2024-32972
was published
for
github.com/ethereum/go-ethereum
(Go)
May 6, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
High
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
High
CVE-2024-32984
was published
for
yamux
(Rust)
May 1, 2024
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
XNIO denial of service vulnerability
High
CVE-2023-5685
was published
for
org.jboss.xnio:xnio-api
(Maven)
Mar 22, 2024
ProTip!
Advisories are also available from the
GraphQL API