GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
102 advisories
Filter by severity
Uncontrolled memory consumption
Moderate
CVE-2021-31811
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jun 15, 2021
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate
CVE-2022-36104
was published
for
typo3/cms
(Composer)
Sep 16, 2022
Denial of service in Mattermost
Moderate
CVE-2022-4044
was published
for
github.com/mattermost/mattermost-server
(Go)
Nov 23, 2022
Denial of service in Mattermost
Moderate
CVE-2022-4045
was published
for
github.com/mattermost/mattermost-server
(Go)
Nov 23, 2022
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Moderate
CVE-2021-32699
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
angular vulnerable to regular expression denial of service (ReDoS)
Moderate
CVE-2022-25844
was published
for
angular
(npm)
May 3, 2022
Apache Tika vulnerable to uncontrolled memory consumption
Moderate
CVE-2022-25169
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
Allocation of Resources Without Limits or Throttling in Apache Tika
Moderate
CVE-2019-10093
was published
for
org.apache.tika:tika-parsers
(Maven)
Aug 6, 2019
Potential DOS attack due to unrestricted attachment count in messages
Moderate
CVE-2019-12406
was published
for
org.apache.cxf:apache-cxf
(Maven)
Nov 8, 2019
Denial of service in direct_mail
Moderate
CVE-2020-12697
was published
for
directmailteam/direct-mail
(Composer)
May 24, 2021
Regular Expression Denial of Service (ReDOS)
Moderate
CVE-2021-29060
was published
for
color-string
(npm)
Jun 22, 2021
OctoRPKI crashes when processing GZIP bomb returned via malicious repository
Moderate
CVE-2021-3912
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Allocation of Resources Without Limits or Throttling in iText
Moderate
CVE-2022-24196
was published
for
com.itextpdf:itext7-core
(Maven)
Feb 2, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22950
was published
for
org.springframework:spring-expression
(Maven)
Apr 3, 2022
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Moderate
CVE-2023-28837
was published
for
wagtail
(pip)
Apr 3, 2023
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
Moderate
CVE-2019-16770
was published
for
puma
(RubyGems)
Dec 5, 2019
Uncontrolled resource consumption in nokogiri
Moderate
CVE-2017-18258
was published
for
nokogiri
(RubyGems)
Apr 13, 2018
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Moderate
GHSA-qvqg-6rp8-4p9h
was published
for
github.com/ipfs/kubo
(Go)
May 11, 2023
Resource exhaustion in Mattermost
Moderate
CVE-2022-1337
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 14, 2022
DoS through large manifest files in Argo CD
Moderate
CVE-2022-31016
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
KubeEdge CloudCore Router memory exhaustion vulnerability
Moderate
CVE-2022-31078
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge Cloud Stream and Edge Stream DoS from large stream message
Moderate
CVE-2022-31079
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
ProTip!
Advisories are also available from the
GraphQL API