
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

460 advisories

python-multipart vulnerable to Content-Type Header ReDoS High
CVE-2024-24762 was published for python-multipart (pip) Feb 12, 2024
nicecatch2000 Kludex
amita-seal
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Duplicate Advisory: FastAPI Content-Type Header ReDoS High
GHSA-qf9m-vfgh-m389 was published for fastapi (pip) Feb 5, 2024 withdrawn
nicecatch2000 huonw
garyd203 levpachmanov
Duplicate Advisory: Starlette Content-Type Header ReDoS High
GHSA-93gm-qmq6-w238 was published for starlette (pip) Feb 5, 2024 withdrawn
tiangolo nicecatch2000
Denial of service in HashiCorp Consul High
CVE-2020-25201 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion High
CVE-2020-15114 was published for go.etcd.io/etcd (Go) Jan 31, 2024
XWiki vulnerable to Denial of Service attack through attachments High
CVE-2024-21651 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jan 8, 2024
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
GHSA-4553-hq82-8654 was published for encoded_id-rails (RubyGems) Jan 4, 2024 withdrawn
Grackle has StackOverflowError in GraphQL query processing High
CVE-2023-50730 was published for edu.gemini:gsp-graphql-core_2.13 (Maven) Dec 18, 2023
Sentry's Astro SDK vulnerable to ReDoS High
CVE-2023-50249 was published for @sentry/astro (npm) Dec 18, 2023
DOS by abusing `fetchOptions.retry`. High
CVE-2023-49800 was published for nuxt-api-party (npm) Dec 11, 2023
OhB00
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
venkkatesh-sekar chenyan-dfinity
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle
phpseclib vulnerable to denial of service High
CVE-2023-49316 was published for phpseclib/phpseclib (Composer) Nov 27, 2023
kdambekalns iekadou
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
Pillow Denial of Service vulnerability High
CVE-2023-44271 was published for pillow (pip) Nov 3, 2023
Django Denial-of-service in django.utils.text.Truncator High
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
Django potential denial of service vulnerability in UsernameField on Windows High
CVE-2023-46695 was published for Django (pip) Nov 2, 2023
Elasticsearch vulnerable to Uncontrolled Resource Consumption High
CVE-2023-31418 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
CVE-2024-0241 was published for encoded_id-rails (RubyGems) Oct 24, 2023
OpenFGA DoS vulnerability High
CVE-2023-45810 was published for github.com/openfga/openfga (Go) Oct 18, 2023
KlausVii
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023