GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
833 advisories
axum-core has no default limit put on request bodies
High | CVE-2022-3212 was published for axum-core (Rust) | Sep 15, 2022
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
High | CVE-2021-41167 was published for modern-async (npm) | Oct 21, 2021
Allocation of Resources Without Limits or Throttling in nvflare
High | CVE-2022-21822 was published for nvflare (pip) | Mar 18, 2022
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14...
Moderate | Unreviewed | CVE-2022-1121 was published | Apr 5, 2022
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified...
Moderate | Unreviewed | CVE-2022-22404 was published | Apr 2, 2022
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number...
Moderate | Unreviewed | CVE-2022-1333 was published | Apr 14, 2022
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with...
High | Unreviewed | CVE-2022-20622 was published | Apr 16, 2022
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using...
High | Unreviewed | CVE-2021-44502 was published | Apr 16, 2022
Uncontrolled memory consumption
Moderate | CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) | Jun 15, 2021
Improper Handling of Length Parameter Inconsistency in Compress
High | CVE-2021-35517 was published for org.apache.commons:commons-compress (Maven) | Aug 2, 2021
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate | CVE-2022-36104 was published for typo3/cms (Composer) | Sep 16, 2022
Improper Handling of Length Parameter Inconsistency in Compress
High | CVE-2021-35516 was published for org.apache.commons:commons-compress (Maven) | Aug 2, 2021
basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value...
Moderate | Unreviewed | CVE-2021-33910 was published | May 24, 2022
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to...
Moderate | Unreviewed | CVE-2021-28700 was published | May 24, 2022
An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a...
Moderate | Unreviewed | CVE-2020-19464 was published | May 24, 2022
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of...
Moderate | Unreviewed | CVE-2019-9516 was published | May 24, 2022
A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX...
High | Unreviewed | CVE-2021-0217 was published | May 24, 2022
Helm Controller denial of service
High | CVE-2022-36049 was published for github.com/fluxcd/flux2 (Go) | Sep 16, 2022
An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a...
Moderate | Unreviewed | CVE-2020-19463 was published | May 24, 2022
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program...
Moderate | Unreviewed | CVE-2022-29767 was published | Jun 4, 2022
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where...
High | Unreviewed | CVE-2022-30522 was published | Jun 10, 2022
A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300...
Moderate | Unreviewed | CVE-2021-0242 was published | May 24, 2022
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core...
Moderate | Unreviewed | CVE-2022-31285 was published | Jun 11, 2022
An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom...
Moderate | Unreviewed | CVE-2022-31287 was published | Jun 11, 2022
ProTip! Advisories are also available from the GraphQL API.