Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

367 advisories

Loading
Denial of service in Jenkins Core High
CVE-2023-27901 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Denial of service in Jenkins Core Moderate
CVE-2023-27900 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Rack has possible DoS Vulnerability in Multipart MIME parsing High
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023
notation-go has excessive memory allocation on verification High
CVE-2023-25656 was published for github.com/notaryproject/notation-go (Go) Feb 22, 2023
AdamKorcz shizhMSFT
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Uncontrolled Resource Consumption in golang.org/x/image Moderate
CVE-2022-41727 was published for golang.org/x/image (Go) Feb 17, 2023
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz DavidKorczynski
Denial of service vulnerability on Password reset page High
CVE-2023-25171 was published for kiwitcms (pip) Feb 15, 2023
mosaa404
Denial of service vulnerability when parsing multipart request body High
CVE-2023-25578 was published for starlite (pip) Feb 15, 2023
das7pad
High resource usage when parsing multipart form data with many fields High
CVE-2023-25577 was published for Werkzeug (pip) Feb 15, 2023
das7pad
Denial of service due to unlimited number of parts High
CVE-2023-25576 was published for @fastify/multipart (npm) Feb 14, 2023
das7pad
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
revel is vulnerable to resource exhaustion Moderate
CVE-2020-36568 was published for github.com/revel/revel (Go) Dec 28, 2022
rdiffweb has no rate limit on resend email feature High
CVE-2022-4723 was published for rdiffweb (pip) Dec 27, 2022
golang.org/x/net/http2 vulnerable to possible excessive memory growth Moderate
CVE-2022-41717 was published for golang.org/x/net (Go) Dec 8, 2022
westonsteimel
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Creation of new database tables through login form on PostgreSQL High
CVE-2022-41932 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS Moderate
CVE-2022-43686 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
Missing rate limit on rdiffweb Moderate
CVE-2022-3456 was published for rdiffweb (pip) Oct 14, 2022
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks High
CVE-2022-3273 was published for rdiffweb (pip) Oct 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database