Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Loading
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion High
CVE-2024-49769 was published for waitress (pip) Oct 29, 2024
djay d-maurer
digitalresistor
Apache Answer: The link for resetting user password is not Single-Use Moderate
CVE-2024-41888 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
Apache Answer: The link to reset the user's password will remain valid after sending a new link Moderate
CVE-2024-41890 was published for github.com/apache/incubator-answer (Go) Aug 12, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion High
CVE-2020-15114 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Traefik vulnerable to potential DDoS via ACME HTTPChallenge Moderate
CVE-2023-47124 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free Moderate
CVE-2023-45814 was published for Bunkum (NuGet) Oct 19, 2023
jvyden
golang.org/x/text/language Denial of service via crafted Accept-Language header High
CVE-2022-32149 was published for golang.org/x/text (Go) Oct 14, 2022
rbeuque74
OpenStack Neutron Denial of Service vulnerability High
CVE-2021-40797 was published for neutron (pip) May 24, 2022
Missing Release of Resource after Effective Lifetime in Jenkins High
CVE-2018-1999043 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
libpg_query memory leak High
CVE-2018-18482 was published for pg-query (pip) May 13, 2022
Uncontrolled Resource Consumption in Matrix Synapse Moderate
CVE-2022-41952 was published for matrix-synapse (pip) Apr 1, 2022
Uncontrolled Resource Consumption in promhttp High
CVE-2022-21698 was published for github.com/prometheus/client_golang (Go) Feb 16, 2022
dgl
Missing Release of Resource after Effective Lifetime in Apache Tomcat High
CVE-2021-42340 was published for org.apache.tomcat:tomcat (Maven) Oct 15, 2021
sunSUNQ
S3 storage write is not aborted on errors leading to unbounded memory usage High
GHSA-m6m5-pp4g-fcc8 was published for github.com/foxcpp/maddy (Go) Oct 6, 2021
Use of uninitialized buffer in rkyv High
CVE-2021-31919 was published for rkyv (Rust) Aug 25, 2021
Use after free in rio Critical
CVE-2020-35876 was published for rio (Rust) Aug 25, 2021
Buffer Overflow in Apache Mina SSHD High
CVE-2021-30129 was published for org.apache.sshd:sshd-core (Maven) Aug 2, 2021
ProTip! Advisories are also available from the GraphQL API