Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

145 advisories

Loading
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics High
CVE-2023-25151 was published for go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego (Go) Feb 8, 2023
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption High
CVE-2020-36562 was published for github.com/shiyanhui/dht (Go) Dec 28, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption Critical
CVE-2021-4236 was published for github.com/ecnepsnai/web (Go) Dec 28, 2022
revel is vulnerable to resource exhaustion Moderate
CVE-2020-36568 was published for github.com/revel/revel (Go) Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption High
CVE-2019-25072 was published for github.com/tendermint/tendermint (Go) Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory High
CVE-2022-3064 was published for gopkg.in/yaml.v2 (Go) Dec 28, 2022
usememos/memos Denial of Service vulnerability High
CVE-2022-4767 was published for github.com/usememos/memos (Go) Dec 27, 2022
Helm vulnerable to denial of service through string value parsing Moderate
CVE-2022-23524 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
containerd CRI stream server vulnerable to host memory exhaustion via terminal Moderate
CVE-2022-23471 was published for github.com/containerd/containerd (Go) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23492 was published for github.com/libp2p/go-libp2p (Go) Dec 7, 2022
Free5gc vulnerable to uncontrolled resource consumption High
CVE-2022-38871 was published for github.com/free5gc/free5gc (Go) Nov 19, 2022
MessagePack for Golang subject to DoS via Unmarshal panic High
CVE-2022-41719 was published for github.com/shamaton/msgpack/v2 (Go) Nov 11, 2022
Traefik HTTP/2 connections management could cause a denial of service High
CVE-2022-39271 was published for github.com/traefik/traefik/v2 (Go) Oct 10, 2022
Tendermint Core vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2021-21271 was published for github.com/tendermint/tendermint (Go) Oct 7, 2022
cmwaters melekes
cyril-crypto brianatcrypto tomtau yihuang
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package High
CVE-2022-2529 was published for github.com/cloudflare/goflow/v3 (Go) Oct 1, 2022
JustinTimperio
Hyperledger Fabric subject to Denial of Service via non-validated request High
CVE-2022-35253 was published for github.com/hyperledger/fabric (Go) Sep 25, 2022
Binary vulnerable to Slice Memory Allocation with Excessive Size Value High
CVE-2022-36078 was published for github.com/gagliardetto/binary (Go) Sep 16, 2022
Helm Controller denial of service High
CVE-2022-36049 was published for github.com/fluxcd/flux2 (Go) Sep 16, 2022
pjbgf
Helm Vulnerable to denial of service through string value parsing Moderate
CVE-2022-36055 was published for helm.sh/helm/v3 (Go) Aug 30, 2022
DavidKorczynski AdamKorcz
Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages High
CVE-2022-25891 was published for github.com/containrrr/shoutrrr (Go) Jul 16, 2022
DoS in KubeEdge's Websocket Client in package Viaduct Moderate
CVE-2022-31080 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud Stream and Edge Stream DoS from large stream message Moderate
CVE-2022-31079 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
AdamKorcz DavidKorczynski
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge DoS when signing the CSR from EdgeCore Moderate
CVE-2022-31075 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud AdmissionController component DoS Moderate
CVE-2022-31074 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
ProTip! Advisories are also available from the GraphQL API