Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27 advisories

Loading
Mattermost Server vulnerable to application crash from attacker-generated large response Moderate
CVE-2024-47401 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz DavidKorczynski
Denial of service of Minder Server from maliciously crafted GitHub attestations Moderate
CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
AdamKorcz DavidKorczynski
Golang TIFF decoder does not place a limit on the size of compressed tile data Moderate
CVE-2023-29408 was published for golang.org/x/image (Go) Aug 2, 2023
Uncontrolled Resource Consumption in golang.org/x/image Moderate
CVE-2022-41727 was published for golang.org/x/image (Go) Feb 17, 2023
golang.org/x/net/http2 vulnerable to possible excessive memory growth Moderate
CVE-2022-41717 was published for golang.org/x/net (Go) Dec 8, 2022
westonsteimel
revel is vulnerable to resource exhaustion Moderate
CVE-2020-36568 was published for github.com/revel/revel (Go) Dec 28, 2022
Cosign malicious artifacts can cause machine-wide DoS Moderate
CVE-2024-29903 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz DavidKorczynski
Cosign malicious attachments can cause system-wide denial of service Moderate
CVE-2024-29902 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz
OpenFGA denial of service Moderate
CVE-2024-23820 was published for github.com/openfga/openfga (Go) Jan 26, 2024
CRI-O's pods can break out of resource confinement on cgroupv2 Moderate
CVE-2023-6476 was published for github.com/cri-o/cri-o (Go) Jan 10, 2024
Tal-or
CometBFT PeerState JSON serialization deadlock Moderate
CVE-2023-34450 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
mmsqe sergio-mena
Kubernetes DoS Vulnerability Moderate
CVE-2019-1002100 was published for k8s.io/kubernetes (Go) May 13, 2022
Kubernetes API Server DoS Via API Requests Moderate
CVE-2020-8552 was published for k8s.io/apiserver (Go) Feb 15, 2022
skitt marquiz
toddtreece
Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes Moderate
CVE-2020-8551 was published for k8s.io/kubernetes (Go) Feb 15, 2022
Helm Vulnerable to denial of service through string value parsing Moderate
CVE-2022-36055 was published for helm.sh/helm/v3 (Go) Aug 30, 2022
DavidKorczynski AdamKorcz
KubeEdge DoS when signing the CSR from EdgeCore Moderate
CVE-2022-31075 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
DoS in KubeEdge's Websocket Client in package Viaduct Moderate
CVE-2022-31080 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud Stream and Edge Stream DoS from large stream message Moderate
CVE-2022-31079 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
AdamKorcz DavidKorczynski
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
DoS through large manifest files in Argo CD Moderate
CVE-2022-31016 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz
Resource exhaustion in Mattermost Moderate
CVE-2022-1337 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 14, 2022
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak Moderate
GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) May 11, 2023
Jorropo
OctoRPKI crashes when processing GZIP bomb returned via malicious repository Moderate
CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings Moderate
CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
ProTip! Advisories are also available from the GraphQL API