GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Buffer Overflow in Apache Mina SSHD
High
CVE-2021-30129
was published
for
org.apache.sshd:sshd-core
(Maven)
Aug 2, 2021
S3 storage write is not aborted on errors leading to unbounded memory usage
High
GHSA-m6m5-pp4g-fcc8
was published
for
github.com/foxcpp/maddy
(Go)
Oct 6, 2021
Missing Release of Resource after Effective Lifetime in Apache Tomcat
High
CVE-2021-42340
was published
for
org.apache.tomcat:tomcat
(Maven)
Oct 15, 2021
Uncontrolled Resource Consumption in promhttp
High
CVE-2022-21698
was published
for
github.com/prometheus/client_golang
(Go)
Feb 16, 2022
Uncontrolled Resource Consumption in Matrix Synapse
Moderate
CVE-2022-41952
was published
for
matrix-synapse
(pip)
Apr 1, 2022
Missing Release of Resource after Effective Lifetime in Jenkins
High
CVE-2018-1999043
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
OpenStack Neutron Denial of Service vulnerability
High
CVE-2021-40797
was published
for
neutron
(pip)
May 24, 2022
golang.org/x/text/language Denial of service via crafted Accept-Language header
High
CVE-2022-32149
was published
for
golang.org/x/text
(Go)
Oct 14, 2022
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Moderate
CVE-2023-45814
was published
for
Bunkum
(NuGet)
Oct 19, 2023
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Moderate
CVE-2023-47124
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
High
CVE-2020-15114
was published
for
go.etcd.io/etcd
(Go)
Jan 31, 2024
Apache Answer: The link for resetting user password is not Single-Use
Moderate
CVE-2024-41888
was published
for
github.com/apache/incubator-answer
(Go)
Aug 12, 2024
Apache Answer: The link to reset the user's password will remain valid after sending a new link
Moderate
CVE-2024-41890
was published
for
github.com/apache/incubator-answer
(Go)
Aug 12, 2024
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion
High
CVE-2024-49769
was published
for
waitress
(pip)
Oct 29, 2024
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Moderate
CVE-2024-52303
was published
for
aiohttp
(pip)
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API