GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,031 advisories
Filter by severity
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in...
Moderate
Unreviewed
CVE-2024-0157
was published
Apr 12, 2024
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions...
Moderate
Unreviewed
CVE-2023-6678
was published
Apr 12, 2024
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6...
Moderate
Unreviewed
CVE-2023-6489
was published
Apr 12, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
CVE-2024-3651
was published
for
idna
(pip)
Apr 11, 2024
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to...
Moderate
Unreviewed
CVE-2024-30218
was published
Apr 9, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate
CVE-2024-28949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
net/http, x/net/http2: close connections when receiving too many headers
Moderate
CVE-2023-45288
was published
for
golang.org/x/net
(Go)
Apr 4, 2024
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is vulnerable to a denial of...
Moderate
Unreviewed
CVE-2024-27268
was published
Apr 4, 2024
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Moderate
CVE-2024-31209
was published
for
oidcc
(Erlang)
Apr 3, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of...
Moderate
Unreviewed
CVE-2024-22353
was published
Mar 31, 2024
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-29893
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 29, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions...
Moderate
Unreviewed
CVE-2024-2818
was published
Mar 28, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
A vulnerability exists in the affected product that allows a malicious user to restart the...
Moderate
Unreviewed
CVE-2024-21914
was published
Mar 26, 2024
The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to...
Moderate
Unreviewed
CVE-2018-25100
was published
Mar 24, 2024
Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04...
Moderate
Unreviewed
CVE-2023-29153
was published
Mar 22, 2024
Slow String Operations via MultiPart Requests in Event-Driven Functions
Moderate
CVE-2024-29186
was published
for
bref/bref
(Composer)
Mar 22, 2024
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
CVE-2024-28863
was published
for
node-tar
(npm)
Mar 22, 2024
erlang-jose vulnerable to denial of service via large p2c value
Moderate
CVE-2023-50966
was published
for
jose
(Erlang)
Mar 19, 2024
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before...
Moderate
Unreviewed
CVE-2024-2446
was published
Mar 15, 2024
Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged...
Moderate
Unreviewed
CVE-2023-35191
was published
Mar 14, 2024
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Moderate
CVE-2024-1765
was published
for
quiche
(Rust)
Mar 13, 2024
JWX vulnerable to a denial of service attack using compressed JWE message
Moderate
CVE-2024-28122
was published
for
github.com/lestrrat-go/jwx
(Go)
Mar 8, 2024
ProTip!
Advisories are also available from the
GraphQL API