Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,317 advisories

Loading
DHCP Server Service Denial of Service Vulnerability High Unreviewed
CVE-2024-38236 was published Sep 10, 2024
An inconsistent user interface issue was addressed with improved state management. This issue is... Moderate Unreviewed
CVE-2023-40408 was published Oct 25, 2023
An adversary could crash the entire device by sending a large quantity of ICMP requests if the... High Unreviewed
CVE-2023-40709 was published Aug 24, 2023
An adversary could cause a continuous restart loop to the entire device by sending a large... High Unreviewed
CVE-2023-40710 was published Aug 24, 2023
fast-xml-parser vulnerable to ReDOS at currency parsing High
CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024
Gauss-Security amitguptagwl
Drivers are not always robust to extremely large draw calls and in some cases this scenario could... High Unreviewed
CVE-2023-5724 was published Oct 25, 2023
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources Moderate
GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov amita-seal
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
Apprise vulnerable to regex injection with IFTTT Plugin High
CVE-2021-39229 was published for apprise (pip) Sep 20, 2021
kevinbackhouse erik-krogh
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends... High Unreviewed
CVE-2024-23744 was published Jan 22, 2024
CoAPthon DoS due to Exceptions High
CVE-2018-12680 was published for CoAPthon (pip) Apr 8, 2019
Regular Expression Denial of Service in CairoSVG High
CVE-2021-21236 was published for CairoSVG (pip) Jan 6, 2021
b-c-ds
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the... High Unreviewed
CVE-2023-49224 was published Jun 7, 2024
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web... High Unreviewed
CVE-2023-21996 was published Apr 18, 2023
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The... Moderate Unreviewed
CVE-2024-33881 was published Jun 24, 2024
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background... Low Unreviewed
CVE-2023-5870 was published Dec 10, 2023
An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC... High Unreviewed
CVE-2023-2992 was published Jun 26, 2023
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used... Moderate Unreviewed
CVE-2023-42669 was published Nov 6, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-21964 was published Apr 18, 2023
Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications... Moderate Unreviewed
CVE-2023-21925 was published Apr 18, 2023
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service ... Moderate Unreviewed
CVE-2018-19881 was published May 14, 2022
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API