Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,330 advisories

Loading
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events Moderate
CVE-2024-47003 was published for github.com/mattermost/mattermost/server/v8 (Go) Sep 26, 2024
c0rydoras
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom... Moderate Unreviewed
CVE-2023-39203 was published Nov 15, 2023
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) Mar 10, 2023
jw123023
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
Processing an incomplete post-handshake message for a QUIC connection can cause a panic. High Unreviewed
CVE-2023-39321 was published Sep 8, 2023
Denial of service in rocket chat message parser Moderate
CVE-2024-46935 was published for @rocket.chat/message-parser (npm) Sep 25, 2024
Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service... High Unreviewed
CVE-2022-23382 was published Sep 11, 2023
An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows... High Unreviewed
CVE-2023-36161 was published Sep 11, 2023
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an... High Unreviewed
CVE-2024-37125 was published Sep 26, 2024
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize) High
CVE-2021-43854 was published for nltk (pip) Jan 6, 2022
tomaarsen raffienficiaud
OpenStack Mistral DoS High
CVE-2018-16848 was published for mistral (pip) May 24, 2022
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
Due to an allocation of resources without limits, an uncontrolled resource consumption... Moderate Unreviewed
CVE-2023-51393 was published Feb 23, 2024
A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be... Moderate Unreviewed
CVE-2024-0240 was published Feb 15, 2024
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows... Moderate Unreviewed
CVE-2020-24089 was published Sep 20, 2023
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an... Moderate Unreviewed
CVE-2023-2683 was published Jun 15, 2023
When multiple devices share resources and one of them is to be passed through to a guest,... High Unreviewed
CVE-2024-31146 was published Sep 25, 2024
Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved... High Unreviewed
CVE-2024-31145 was published Sep 25, 2024
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This... High Unreviewed
CVE-2023-43767 was published Sep 22, 2023
The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2023-41294 was published Sep 25, 2023
Regular Expression Denial of Service (ReDoS) in Jinja2 Moderate
CVE-2020-28493 was published for jinja2 (pip) Mar 19, 2021
tdunlap607
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
python-multipart vulnerable to Content-Type Header ReDoS High
CVE-2024-24762 was published for python-multipart (pip) Feb 12, 2024
nicecatch2000 Kludex
amita-seal
Sydent vulnerable to denial of service attack via memory exhaustion High
CVE-2021-29430 was published for matrix-sydent (pip) Apr 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database