Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

438 advisories

Loading
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact High
CVE-2023-43642 was published for org.xerial.snappy:snappy-java (Maven) Sep 25, 2023
mkcops janjwerner-confluent
flabbergastedbd
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input High
CVE-2023-37279 was published for github.com/contribsys/faktory (Go) Sep 20, 2023
Malayke
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111),... High Unreviewed
CVE-2022-47562 was published Sep 20, 2023
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed... High Unreviewed
CVE-2023-38039 was published Sep 15, 2023
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32186 was published for github.com/rancher/rke2 (Go) Sep 11, 2023
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32187 was published for github.com/k3s-io/k3s (Go) Sep 11, 2023
QUIC connections do not set an upper bound on the amount of data buffered when reading post... High Unreviewed
CVE-2023-39322 was published Sep 8, 2023
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5,... High Unreviewed
CVE-2023-4647 was published Sep 1, 2023
An adversary could crash the entire device by sending a large quantity of ICMP requests if the... High Unreviewed
CVE-2023-40709 was published Aug 24, 2023
An adversary could cause a continuous restart loop to the entire device by sending a large... High Unreviewed
CVE-2023-40710 was published Aug 24, 2023
FaucetSDN Ryu Denial of Service Vulnerability High
CVE-2020-35139 was published for ryu (pip) Aug 11, 2023
FaucetSDN Ryu Denial of Service Vulnerability High
CVE-2020-35141 was published for ryu (pip) Aug 11, 2023
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
levpachmanov
libp2p nodes vulnerable to attack using large RSA keys High
CVE-2023-39533 was published for github.com/libp2p/go-libp2p (Go) Aug 9, 2023
marten-seemann
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801,... High Unreviewed
CVE-2023-39269 was published Aug 8, 2023
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial... High Unreviewed
CVE-2022-46485 was published Aug 2, 2023
An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which... High Unreviewed
CVE-2023-4011 was published Aug 2, 2023
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet... High Unreviewed
CVE-2023-38405 was published Jul 17, 2023
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S ... High Unreviewed
CVE-2023-36521 was published Jul 11, 2023
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or... High Unreviewed
CVE-2023-27540 was published Jul 10, 2023
Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content... High Unreviewed
CVE-2023-28338 was published Jul 6, 2023
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD... High Unreviewed
CVE-2022-3480 was published Jul 6, 2023
Products.CMFCore unauthenticated denial of service and crash via unchecked use of input with Python's marshal module High
CVE-2023-36814 was published for Products.CMFCore (pip) Jul 5, 2023
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM ... High Unreviewed
CVE-2023-20108 was published Jun 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database