GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,900
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,181 advisories
XNIO denial of service vulnerability
High • CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption)...
High • Unreviewed • CVE-2023-50967 was published Mar 20, 2024

Memory leaks in code encrypting and verifying RSA payloads
High • CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024

An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads...
High • Unreviewed • CVE-2024-26369 was published Mar 19, 2024

tls-listener affected by the slow loris vulnerability with default configuration
High • CVE-2024-28854 was published for tls-listener (Rust) Mar 15, 2024

Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
High • CVE-2024-21392 was published for Microsoft.NETCore.App.Runtime.linux-arm (NuGet) Mar 12, 2024

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds...
High • Unreviewed • CVE-2023-52602 was published Mar 6, 2024

libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an...
High • Unreviewed • CVE-2024-25269 was published Mar 5, 2024

phpseclib a large prime can cause a denial of service
High • CVE-2024-27354 was published for phpseclib/phpseclib (Composer) Mar 2, 2024

phpseclib does not properly limit the ASN1 OID length
High • CVE-2024-27355 was published for phpseclib/phpseclib (Composer) Mar 2, 2024

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS...
High • Unreviewed • CVE-2024-20321 was published Feb 29, 2024

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix...
High • Unreviewed • CVE-2021-47023 was published Feb 28, 2024

In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns...
High • Unreviewed • CVE-2021-47010 was published Feb 28, 2024

In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger...
High • Unreviewed • CVE-2024-25398 was published Feb 27, 2024

Connection leaking on idle timeout when TCP congested
High • CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024

Undertow Uncontrolled Resource Consumption Vulnerability
High • CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024

Uncontrolled Resource Consumption in moodle
High • CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024

Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
High • GHSA-32q7-gv7f-4cg5 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024 • withdrawn

Windows DNS Client Denial of Service Vulnerability
High • Unreviewed • CVE-2024-21342 was published Feb 13, 2024

XSS sidekiq-unique-jobs UI server vulnerability
High • CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024

An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to...
High • Unreviewed • CVE-2024-24781 was published Feb 13, 2024

python-multipart vulnerable to Content-Type Header ReDoS
High • CVE-2024-24762 was published for fastapi (pip) Feb 12, 2024

Duplicate Advisory: FastAPI Content-Type Header ReDoS
High • GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 • withdrawn

Duplicate Advisory: Starlette Content-Type Header ReDoS
High • GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 • withdrawn

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full...
High • Unreviewed • CVE-2023-52425 was published Feb 4, 2024

ProTip! Advisories are also available from the GraphQL API.