GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
Helm vulnerable to denial of service through schema file
Moderate
CVE-2022-23526
was published
for
helm.sh/helm/v3
(Go)
Dec 14, 2022
OCI image importer memory exhaustion in github.com/containerd/containerd
Moderate
CVE-2023-25153
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
notation-go has excessive memory allocation on verification
High
CVE-2023-25656
was published
for
github.com/notaryproject/notation-go
(Go)
Feb 22, 2023
Crossplane-runtime contains Improper Input Validation via Compositions
Moderate
CVE-2023-27484
was published
for
github.com/crossplane/crossplane
(Go)
Mar 10, 2023
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Moderate
CVE-2023-27483
was published
for
github.com/crossplane/crossplane-runtime
(Go)
Mar 13, 2023
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate
CVE-2023-29194
was published
for
vitess.io/vitess
(Go)
Apr 11, 2023
Rekor's compressed archives can result in OOM conditions
High
CVE-2023-30551
was published
for
github.com/sigstore/rekor
(Go)
May 3, 2023
VTAdmin users that can create shards can deny access to other functions
Moderate
CVE-2023-29195
was published
for
vitess.io/vitess
(Go)
May 11, 2023
Notation vulnerable to denial of service from high number of artifact signatures
Moderate
CVE-2023-33957
was published
for
github.com/notaryproject/notation
(Go)
Jun 6, 2023
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Moderate
CVE-2023-33958
was published
for
github.com/notaryproject/notation
(Go)
Jun 6, 2023
notation-go's verification bypass can cause users to verify the wrong artifact
High
CVE-2023-33959
was published
for
github.com/notaryproject/notation-go
(Go)
Jun 6, 2023
avro vulnerable to denial of service via attacker-controlled parameter
High
CVE-2023-37475
was published
for
github.com/hamba/avro
(Go)
Jul 17, 2023
Possible image tampering from missing image validation for Packages
High
CVE-2023-38495
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Denial of service from large image
Low
CVE-2023-37900
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Moderate
CVE-2023-48713
was published
for
knative.dev/serving
(Go)
Nov 27, 2023
Authenticated users can crash the CubeFS servers with maliciously crafted requests
Moderate
CVE-2023-46738
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS timing attack can leak user passwords
Moderate
CVE-2023-46739
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Insecure random string generator used for sensitive data
Moderate
CVE-2023-46740
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS leaks magic secret key when starting Blobstore access service
Moderate
CVE-2023-46741
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
@fastify/secure-session: Reuse of destroyed secure session cookie
High
CVE-2024-31999
was published
for
@fastify/secure-session
(npm)
Apr 10, 2024
Cosign malicious attachments can cause system-wide denial of service
Moderate
CVE-2024-29902
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
Cosign malicious artifacts can cause machine-wide DoS
Moderate
CVE-2024-29903
was published
for
github.com/sigstore/cosign
(Go)
Apr 11, 2024
ProTip!
Advisories are also available from the
GraphQL API