GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
65 advisories
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background...
Low | Unreviewed | CVE-2023-5870 was published on Dec 10, 2023

Potential Denial-of-Service in bindata
Low | CVE-2021-32823 was published for bindata (RubyGems) on Jun 23, 2021

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior...
Low | Unreviewed | CVE-2024-5469 was published on Jun 14, 2024

A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Low | Unreviewed | CVE-2023-44321 was published on Nov 14, 2023

CosmWasm wasmd has large address count in ValidateBasic
Low | GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) on Aug 8, 2024

A denial-of-service vulnerability could allow an authenticated user to trigger an internal...
Low | Unreviewed | CVE-2022-4003 was published on Jul 31, 2024

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled...
Low | Unreviewed | CVE-2024-6501 was published on Jul 9, 2024

octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Low | CVE-2024-34079 was published for github.com/octo-sts/app (Go) on May 13, 2024

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any...
Low | Unreviewed | CVE-2024-6126 was published on Jul 3, 2024

Mattermost fails to limit the size of a request path
Low | CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) on Apr 26, 2024

Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial...
Low | Unreviewed | CVE-2024-3872 was published on Apr 16, 2024

Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this...
Low | Unreviewed | CVE-2023-41310 was published on Sep 27, 2023

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a...
Low | Unreviewed | CVE-2023-3614 was published on Jul 17, 2023

SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754,...
Low | Unreviewed | CVE-2023-32114 was published on Jun 13, 2023

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial...
Low | Unreviewed | CVE-2019-13232 was published on May 24, 2022

Regular Expression Denial of Service in debug
Low | CVE-2017-16137 was published for debug (npm) on Aug 9, 2018

Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the...
Low | Unreviewed | CVE-2024-24975 was published on Mar 15, 2024

Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of...
Low | Unreviewed | CVE-2024-28053 was published on Mar 15, 2024

quiche vulnerable to unbounded storage of information related to connection ID retirement
Low | CVE-2024-1410 was published for quiche (Rust) on Mar 13, 2024

Rack has possible DoS Vulnerability with Range Header
Low | CVE-2024-26141 was published for rack (RubyGems) on Feb 28, 2024

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing...
Low | Unreviewed | CVE-2022-33747 was published on Oct 11, 2022

ReDoS based DoS vulnerability in Action Dispatch
Low | CVE-2023-22792 was published for actionpack (RubyGems) on Jan 18, 2023

Puppet Denial of Service and Arbitrary File Write
Low | CVE-2012-1987 was published for puppet (RubyGems) on May 14, 2022

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform...
Low | Unreviewed | CVE-2023-49578 was published on Dec 12, 2023

Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low | CVE-2023-46737 was published for github.com/sigstore/cosign (Go) on Nov 8, 2023

ProTip! Advisories are also available from the GraphQL API.