GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,317 advisories
Filter by severity
DHCP Server Service Denial of Service Vulnerability
High
Unreviewed
CVE-2024-38236
was published
Sep 10, 2024
An inconsistent user interface issue was addressed with improved state management. This issue is...
Moderate
Unreviewed
CVE-2023-40408
was published
Oct 25, 2023
An adversary could crash the entire device by sending a large quantity of ICMP requests if the...
High
Unreviewed
CVE-2023-40709
was published
Aug 24, 2023
An adversary could cause a continuous restart loop to the entire device by sending a large...
High
Unreviewed
CVE-2023-40710
was published
Aug 24, 2023
fast-xml-parser vulnerable to ReDOS at currency parsing
High
CVE-2024-41818
was published
for
fast-xml-parser
(npm)
Jul 29, 2024
Drivers are not always robust to extremely large draw calls and in some cases this scenario could...
High
Unreviewed
CVE-2023-5724
was published
Oct 25, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Moderate
GHSA-mmwx-rj87-vfgr
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
Apache IoTDB subject to ReDOS with Java 8
High
CVE-2022-43766
was published
for
apache-iotdb
(Maven)
Oct 26, 2022
Apprise vulnerable to regex injection with IFTTT Plugin
High
CVE-2021-39229
was published
for
apprise
(pip)
Sep 20, 2021
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends...
High
Unreviewed
CVE-2024-23744
was published
Jan 22, 2024
Regular Expression Denial of Service in CairoSVG
High
CVE-2021-21236
was published
for
CairoSVG
(pip)
Jan 6, 2021
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the...
High
Unreviewed
CVE-2023-49224
was published
Jun 7, 2024
go-ethereum vulnerable to denial of service via crafted GraphQL query
High
CVE-2023-42319
was published
for
github.com/ethereum/go-ethereum
(Go)
Oct 18, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web...
High
Unreviewed
CVE-2023-21996
was published
Apr 18, 2023
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The...
Moderate
Unreviewed
CVE-2024-33881
was published
Jun 24, 2024
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background...
Low
Unreviewed
CVE-2023-5870
was published
Dec 10, 2023
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC...
High
Unreviewed
CVE-2023-2992
was published
Jun 26, 2023
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used...
Moderate
Unreviewed
CVE-2023-42669
was published
Nov 6, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2023-21964
was published
Apr 18, 2023
Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications...
Moderate
Unreviewed
CVE-2023-21925
was published
Apr 18, 2023
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service ...
Moderate
Unreviewed
CVE-2018-19881
was published
May 14, 2022
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2024-1635
was published
for
io.undertow:undertow-core
(Maven)
Feb 20, 2024
ProTip!
Advisories are also available from the
GraphQL API