GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2024-38286
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Nov 7, 2024
Security Update for the OPC UA .NET Standard Stack
High
GHSA-qm9f-c3v9-wphv
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
Starlette Denial of service (DoS) via multipart/form-data
High
CVE-2024-47874
was published
for
starlette
(pip)
Oct 15, 2024
async-graphql Directive Overload
High
CVE-2024-47614
was published
for
async-graphql
(Rust)
Oct 3, 2024
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
High
CVE-2024-43783
was published
for
apollo-router
(Rust)
Aug 27, 2024
Russh has an OOM Denial of Service due to allocation of untrusted amount
High
CVE-2024-43410
was published
for
russh
(Rust)
Aug 14, 2024
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
High
CVE-2024-40094
was published
for
com.graphql-java:graphql-java
(Maven)
Jul 30, 2024
Django vulnerable to Denial of Service
High
CVE-2024-38875
was published
for
Django
(pip)
Jul 10, 2024
Django vulnerable to Denial of Service
High
CVE-2024-39614
was published
for
Django
(pip)
Jul 10, 2024
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
High
CVE-2024-33862
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jul 6, 2024
Potential memory exhaustion attack due to sparse slice deserialization
High
CVE-2024-37298
was published
for
github.com/gorilla/schema
(Go)
Jul 1, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server
High
CVE-2024-38528
was published
for
ntpd
(Rust)
Jun 28, 2024
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-g585-crjf-vhwq
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Flooding Server with Thumbnail files
High
CVE-2024-32871
was published
for
pimcore/pimcore
(Composer)
Jun 4, 2024
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-hjx5-v9xg-7h25
was published
for
typo3/cms-core
(Composer)
May 30, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
High
CVE-2024-35231
was published
for
rack-contrib
(RubyGems)
May 28, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High
GHSA-w8gf-g2vq-j2f4
was published
for
amphp/http-client
(Composer)
Apr 3, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT
High
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
Liferay Portal denial of service (memory consumption)
High
CVE-2024-25143
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 7, 2024
Ion Java StackOverflow vulnerability
High
CVE-2024-21634
was published
for
com.amazon.ion:ion-java
(Maven)
Jan 3, 2024
Allocation of Resources Without Limits in Keycloak
High
CVE-2023-6563
was published
for
org.keycloak:keycloak-model-jpa
(Maven)
Dec 14, 2023
Memory exhaustion in HashiCorp Vault
High
CVE-2023-6337
was published
for
github.com/hashicorp/vault
(Go)
Dec 9, 2023
Traefik docker container using 100% CPU
High
CVE-2023-47633
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High
CVE-2023-47025
was published
for
github.com/free5gc/free5gc
(Go)
Nov 17, 2023
ProTip!
Advisories are also available from the
GraphQL API