GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,330 advisories
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate. CVE-2024-47003 was published for github.com/mattermost/mattermost/server/v8 (Go), Sep 26, 2024.

Spring Framework DoS via conditional HTTP request
Moderate. CVE-2024-38809 was published for org.springframework:spring-web (Maven), Sep 24, 2024.

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom...
Moderate, Unreviewed. CVE-2023-39203 was published Nov 15, 2023.

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High. CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven), Mar 10, 2023.

Memory leaks in code encrypting and verifying RSA payloads
High. CVE-2024-1394 was published for github.com/golang-fips/go (Go), Mar 20, 2024.

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
High, Unreviewed. CVE-2023-39321 was published Sep 8, 2023.

Denial of service in rocket chat message parser
Moderate. CVE-2024-46935 was published for @rocket.chat/message-parser (npm), Sep 25, 2024.

Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service...
High, Unreviewed. CVE-2022-23382 was published Sep 11, 2023.

An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows...
High, Unreviewed. CVE-2023-36161 was published Sep 11, 2023.

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an...
High, Unreviewed. CVE-2024-37125 was published Sep 26, 2024.

Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
High. CVE-2021-43854 was published for nltk (pip), Jan 6, 2022.

Strapi's field level permissions not being respected in relationship title
Moderate. CVE-2023-37263 was published for @strapi/plugin-content-manager (npm), Sep 13, 2023.

Due to an allocation of resources without limits, an uncontrolled resource consumption...
Moderate, Unreviewed. CVE-2023-51393 was published Feb 23, 2024.

A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be...
Moderate, Unreviewed. CVE-2024-0240 was published Feb 15, 2024.

An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows...
Moderate, Unreviewed. CVE-2020-24089 was published Sep 20, 2023.

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an...
Moderate, Unreviewed. CVE-2023-2683 was published Jun 15, 2023.

When multiple devices share resources and one of them is to be passed through to a guest,...
High, Unreviewed. CVE-2024-31146 was published Sep 25, 2024.

Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved...
High, Unreviewed. CVE-2024-31145 was published Sep 25, 2024.

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This...
High, Unreviewed. CVE-2023-43767 was published Sep 22, 2023.

The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability...
Critical, Unreviewed. CVE-2023-41294 was published Sep 25, 2023.

Regular Expression Denial of Service (ReDoS) in Jinja2
Moderate. CVE-2020-28493 was published for jinja2 (pip), Mar 19, 2021.

Denial of service attack via incorrect parameters in Matrix Synapse
High. CVE-2020-26257 was published for matrix-synapse (pip), Dec 9, 2020.

python-multipart vulnerable to Content-Type Header ReDoS
High. CVE-2024-24762 was published for python-multipart (pip), Feb 12, 2024.

Sydent vulnerable to denial of service attack via memory exhaustion
High. CVE-2021-29430 was published for matrix-sydent (pip), Apr 19, 2021.