Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

367 advisories

Loading
Cosign malicious artifacts can cause machine-wide DoS Moderate
CVE-2024-29903 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz DavidKorczynski
Cosign malicious attachments can cause system-wide denial of service Moderate
CVE-2024-29902 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz
h2 servers vulnerable to degradation of service with CONTINUATION Flood Moderate
GHSA-q6cp-qfwq-4gcv was published for h2 (Rust) Apr 5, 2024
Mattermost Server doesn't limit the number of user preferences Moderate
CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames High
GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024
bartekn
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024
marten-seemann
Netty's HttpPostRequestDecoder can OOM Moderate
CVE-2024-29025 was published for io.netty:netty-codec-http (Maven) Mar 25, 2024
vietj
Mattermost Server Resource Exhaustion Low
CVE-2024-28053 was published for github.com/mattermost/mattermost-server (Go) Mar 15, 2024
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function Moderate
CVE-2024-28102 was published for jwcrypto (pip) Mar 6, 2024
P3ngu1nW
Mattermost fails to limit the number of role names Moderate
CVE-2024-1953 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Liferay Portal vulnerable to Denial of Service Moderate
CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Moderate
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd astashys
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Django denial-of-service attack in the intcomma template filter High
CVE-2024-24680 was published for Django (pip) Feb 7, 2024
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
OpenFGA denial of service Moderate
CVE-2024-23820 was published for github.com/openfga/openfga (Go) Jan 26, 2024
CRI-O's pods can break out of resource confinement on cgroupv2 Moderate
CVE-2023-6476 was published for github.com/cri-o/cri-o (Go) Jan 10, 2024
Tal-or
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Authenticated users can crash the CubeFS servers with maliciously crafted requests High
CVE-2023-46738 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Allocation of Resources Without Limits in Keycloak High
CVE-2023-6563 was published for org.keycloak:keycloak-model-jpa (Maven) Dec 14, 2023
Memory exhaustion in HashiCorp Vault High
CVE-2023-6337 was published for github.com/hashicorp/vault (Go) Dec 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database