GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
789 advisories
Filter by severity
Mattermost Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-48268
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2023-40703
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Ethereum ABI decoder DoS when parsing ZST
Moderate
GHSA-rqr8-pxh7-cq3g
was published
for
eth-abi
(pip)
Nov 24, 2023
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Moderate
GHSA-2c7c-3mj9-8fqh
was published
for
github.com/go-jose/go-jose/v3
(Go)
Nov 21, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High
CVE-2023-47025
was published
for
github.com/free5gc/free5gc
(Go)
Nov 17, 2023
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Moderate
GHSA-w98g-5fmx-wm4x
was published
for
pocketmine/raklib
(Composer)
Nov 15, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
Mattermost vulnerable to excessive memory consumption
Moderate
CVE-2023-5969
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
Calico Typha denial of service vulnerability
High
CVE-2023-41378
was published
for
github.com/projectcalico/calico
(Go)
Nov 6, 2023
Django Denial-of-service in django.utils.text.Truncator
Moderate
CVE-2023-43665
was published
for
Django
(pip)
Nov 3, 2023
Pillow Denial of Service vulnerability
High
CVE-2023-44271
was published
for
pillow
(pip)
Nov 3, 2023
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Moderate
CVE-2023-41164
was published
for
django
(pip)
Nov 3, 2023
Django potential denial of service vulnerability in UsernameField on Windows
High
CVE-2023-46695
was published
for
Django
(pip)
Nov 2, 2023
memory leak flaw was found in ruby-magick
Moderate
CVE-2023-5349
was published
for
rmagick
(RubyGems)
Oct 30, 2023
Elasticsearch vulnerable to Uncontrolled Resource Consumption
High
CVE-2023-31418
was published
for
org.elasticsearch:elasticsearch
(Maven)
Oct 26, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Moderate
CVE-2023-46136
was published
for
werkzeug
(pip)
Oct 25, 2023
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High
CVE-2024-0241
was published
for
encoded_id-rails
(RubyGems)
Oct 24, 2023
RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack
Moderate
CVE-2023-46120
was published
for
com.rabbitmq:amqp-client
(Maven)
Oct 24, 2023
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Moderate
CVE-2024-43806
was published
for
rustix
(Rust)
Oct 18, 2023
OpenFGA DoS vulnerability
High
CVE-2023-45810
was published
for
github.com/openfga/openfga
(Go)
Oct 18, 2023
go-ethereum vulnerable to denial of service via crafted GraphQL query
High
CVE-2023-42319
was published
for
github.com/ethereum/go-ethereum
(Go)
Oct 18, 2023
OpenSearch uncontrolled resource consumption
High
GHSA-8wx3-324g-w4qq
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Oct 17, 2023
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
High
CVE-2023-40180
was published
for
silverstripe/graphql
(Composer)
Oct 17, 2023
ProTip!
Advisories are also available from the
GraphQL API