Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,966
NuGet
713
pip
3,759
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

499 advisories

Loading
ReDoS Vulnerability in ua-parser-js version High
CVE-2022-25927 was published for ua-parser-js (npm) Jan 24, 2023
G-Rath
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter High
CVE-2022-44566 was published for activerecord (RubyGems) Jan 18, 2023
robertoz-01 aviyam181199
G-Rath
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
MooTools Regular Expression Denial of Service High
CVE-2021-32821 was published for mootools (npm) Jan 3, 2023
anonymous4ACL24
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption High
CVE-2020-36562 was published for github.com/shiyanhui/dht (Go) Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption High
CVE-2019-25072 was published for github.com/tendermint/tendermint (Go) Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory High
CVE-2022-3064 was published for gopkg.in/yaml.v2 (Go) Dec 28, 2022
usememos/memos Denial of Service vulnerability High
CVE-2022-4767 was published for github.com/usememos/memos (Go) Dec 27, 2022
Python Charmers Future denial of service vulnerability High
CVE-2022-40899 was published for future (pip) Dec 23, 2022
GoetzGoerisch
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
HuTool vulnerable to Uncontrolled Resource Consumption High
CVE-2022-4565 was published for cn.hutool:hutool-core (Maven) Dec 16, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3509 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23492 was published for github.com/libp2p/go-libp2p (Go) Dec 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Creation of new database tables through login form on PostgreSQL High
CVE-2022-41932 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Free5gc vulnerable to uncontrolled resource consumption High
CVE-2022-38871 was published for github.com/free5gc/free5gc (Go) Nov 19, 2022
Pillow subject to DoS via SAMPLESPERPIXEL tag High
CVE-2022-45199 was published for pillow (pip) Nov 14, 2022
MessagePack for Golang subject to DoS via Unmarshal panic High
CVE-2022-41719 was published for github.com/shamaton/msgpack/v2 (Go) Nov 11, 2022
kangax html-minifier REDoS vulnerability High
CVE-2022-37620 was published for html-minifier (npm) Oct 31, 2022
DanielRuf
conduit-hyper vulnerable to Denial of Service from unchecked request length High
CVE-2022-39294 was published for conduit-hyper (Rust) Oct 31, 2022
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
.NET Denial of Service Vulnerability High
CVE-2022-23267 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Oct 21, 2022
minimatch ReDoS vulnerability High
CVE-2022-3517 was published for minimatch (npm) Oct 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database