Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

443 advisories

Loading
Duplicate Advisory: Denial of Service in JSON-Java High
GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) Oct 12, 2023 withdrawn
Astralidea
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos... High Unreviewed
CVE-2023-44191 was published Oct 13, 2023
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in... High Unreviewed
CVE-2023-45862 was published Oct 14, 2023
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics High
CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) Oct 16, 2023
programmer04 MadVikingGod
arminru pellared
A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow... High Unreviewed
CVE-2023-20155 was published Nov 1, 2023
Django potential denial of service vulnerability in UsernameField on Windows High
CVE-2023-46695 was published for Django (pip) Nov 2, 2023
Pillow Denial of Service vulnerability High
CVE-2023-44271 was published for pillow (pip) Nov 3, 2023
otelgrpc DoS vulnerability due to unbound cardinality metrics High
CVE-2023-47108 was published for go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (Go) Nov 12, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers... High Unreviewed
CVE-2023-48831 was published Dec 7, 2023
Under certain circumstances, invalid authentication credentials could be sent to the login... High Unreviewed
CVE-2023-4486 was published Dec 7, 2023
Memory exhaustion in HashiCorp Vault High
CVE-2023-6337 was published for github.com/hashicorp/vault (Go) Dec 9, 2023
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email... High Unreviewed
CVE-2023-50455 was published Dec 10, 2023
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size... High Unreviewed
CVE-2023-5379 was published Dec 13, 2023
Allocation of Resources Without Limits in Keycloak High
CVE-2023-6563 was published for org.keycloak:keycloak-model-jpa (Maven) Dec 14, 2023
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation... High Unreviewed
CVE-2023-3171 was published Dec 27, 2023
Authenticated users can crash the CubeFS servers with maliciously crafted requests High
CVE-2023-46738 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper... High Unreviewed
CVE-2024-21604 was published Jan 12, 2024
Django denial-of-service attack in the intcomma template filter High
CVE-2024-24680 was published for Django (pip) Feb 7, 2024
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of... High Unreviewed
CVE-2023-52427 was published Feb 11, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
To keep its cache database efficient, `named` running as a recursive resolver occasionally... High Unreviewed
CVE-2023-6516 was published Feb 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database