GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
145 advisories
Filter by severity
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics
High
CVE-2023-25151
was published
for
go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego
(Go)
Feb 8, 2023
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
High
CVE-2020-36562
was published
for
github.com/shiyanhui/dht
(Go)
Dec 28, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Critical
CVE-2021-4236
was published
for
github.com/ecnepsnai/web
(Go)
Dec 28, 2022
revel is vulnerable to resource exhaustion
Moderate
CVE-2020-36568
was published
for
github.com/revel/revel
(Go)
Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption
High
CVE-2019-25072
was published
for
github.com/tendermint/tendermint
(Go)
Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory
High
CVE-2022-3064
was published
for
gopkg.in/yaml.v2
(Go)
Dec 28, 2022
usememos/memos Denial of Service vulnerability
High
CVE-2022-4767
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
Helm vulnerable to denial of service through string value parsing
Moderate
CVE-2022-23524
was published
for
helm.sh/helm/v3
(Go)
Dec 14, 2022
containerd CRI stream server vulnerable to host memory exhaustion via terminal
Moderate
CVE-2022-23471
was published
for
github.com/containerd/containerd
(Go)
Dec 7, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23492
was published
for
github.com/libp2p/go-libp2p
(Go)
Dec 7, 2022
Free5gc vulnerable to uncontrolled resource consumption
High
CVE-2022-38871
was published
for
github.com/free5gc/free5gc
(Go)
Nov 19, 2022
MessagePack for Golang subject to DoS via Unmarshal panic
High
CVE-2022-41719
was published
for
github.com/shamaton/msgpack/v2
(Go)
Nov 11, 2022
Traefik HTTP/2 connections management could cause a denial of service
High
CVE-2022-39271
was published
for
github.com/traefik/traefik/v2
(Go)
Oct 10, 2022
Tendermint Core vulnerable to Uncontrolled Resource Consumption
Moderate
CVE-2021-21271
was published
for
github.com/tendermint/tendermint
(Go)
Oct 7, 2022
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
High
CVE-2022-2529
was published
for
github.com/cloudflare/goflow/v3
(Go)
Oct 1, 2022
Hyperledger Fabric subject to Denial of Service via non-validated request
High
CVE-2022-35253
was published
for
github.com/hyperledger/fabric
(Go)
Sep 25, 2022
Binary vulnerable to Slice Memory Allocation with Excessive Size Value
High
CVE-2022-36078
was published
for
github.com/gagliardetto/binary
(Go)
Sep 16, 2022
Helm Controller denial of service
High
CVE-2022-36049
was published
for
github.com/fluxcd/flux2
(Go)
Sep 16, 2022
Helm Vulnerable to denial of service through string value parsing
Moderate
CVE-2022-36055
was published
for
helm.sh/helm/v3
(Go)
Aug 30, 2022
Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages
High
CVE-2022-25891
was published
for
github.com/containrrr/shoutrrr
(Go)
Jul 16, 2022
DoS in KubeEdge's Websocket Client in package Viaduct
Moderate
CVE-2022-31080
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge Cloud Stream and Edge Stream DoS from large stream message
Moderate
CVE-2022-31079
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge CloudCore Router memory exhaustion vulnerability
Moderate
CVE-2022-31078
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge DoS when signing the CSR from EdgeCore
Moderate
CVE-2022-31075
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge Cloud AdmissionController component DoS
Moderate
CVE-2022-31074
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
ProTip!
Advisories are also available from the
GraphQL API