Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,181 advisories

Loading
XNIO denial of service vulnerability High
CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024
grosario1
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption)... High Unreviewed
CVE-2023-50967 was published Mar 20, 2024
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads... High Unreviewed
CVE-2024-26369 was published Mar 19, 2024
tls-listener affected by the slow loris vulnerability with default configuration High
CVE-2024-28854 was published for tls-listener (Rust) Mar 15, 2024
conradludgate
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability High
CVE-2024-21392 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Mar 12, 2024
r3kumar TAINA-AntonyBingham
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds... High Unreviewed
CVE-2023-52602 was published Mar 6, 2024
libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an... High Unreviewed
CVE-2024-25269 was published Mar 5, 2024
phpseclib a large prime can cause a denial of service High
CVE-2024-27354 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
phpseclib does not properly limit the ASN1 OID length High
CVE-2024-27355 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS... High Unreviewed
CVE-2024-20321 was published Feb 29, 2024
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix... High Unreviewed
CVE-2021-47023 was published Feb 28, 2024
In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns... High Unreviewed
CVE-2021-47010 was published Feb 28, 2024
In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger... High Unreviewed
CVE-2024-25398 was published Feb 27, 2024
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability High
GHSA-32q7-gv7f-4cg5 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024 withdrawn
Windows DNS Client Denial of Service Vulnerability High Unreviewed
CVE-2024-21342 was published Feb 13, 2024
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to... High Unreviewed
CVE-2024-24781 was published Feb 13, 2024
python-multipart vulnerable to Content-Type Header ReDoS High
CVE-2024-24762 was published for fastapi (pip) Feb 12, 2024
nicecatch2000 Kludex
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw
garyd203 levpachmanov
Duplicate Advisory: Starlette Content-Type Header ReDoS High
GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 withdrawn
tiangolo nicecatch2000
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full... High Unreviewed
CVE-2023-52425 was published Feb 4, 2024
ProTip! Advisories are also available from the GraphQL API