GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
Gnark out-of-memory during deserialization with crafted inputs
Moderate
CVE-2024-50354
was published
for
github.com/consensys/gnark
(Go)
Oct 31, 2024
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate
CVE-2024-47003
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Sep 26, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
Mattermost Plugin Channel Export excessive resource consumption
Moderate
CVE-2024-43105
was published
for
github.com/mattermost/mattermost-plugin-channel-export
(Go)
Aug 23, 2024
CosmWasm wasmd has large address count in ValidateBasic
Moderate
GHSA-m3rh-cvr5-x6q4
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 8, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate
CVE-2024-37904
was published
for
github.com/stacklok/minder
(Go)
Jun 18, 2024
gqlparser denial of service vulnerability via the parserDirectives function
Moderate
CVE-2023-49559
was published
for
github.com/vektah/gqlparser
(Go)
Jun 12, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate
CVE-2024-35194
was published
for
github.com/stacklok/minder
(Go)
May 20, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint
Moderate
CVE-2024-35185
was published
for
github.com/stacklok/minder
(Go)
May 16, 2024
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Moderate
CVE-2024-32476
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Apr 26, 2024
Mattermost fails to limit the number of active sessions
Moderate
CVE-2024-4183
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Denial of service in Kubernetes
Moderate
CVE-2020-8557
was published
for
k8s.io/kubernetes/pkg/kubelet
(Go)
Apr 24, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate
CVE-2024-28949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
net/http, x/net/http2: close connections when receiving too many headers
Moderate
CVE-2023-45288
was published
for
golang.org/x/net
(Go)
Apr 4, 2024
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-29893
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 29, 2024
JWX vulnerable to a denial of service attack using compressed JWE message
Moderate
CVE-2024-28122
was published
for
github.com/lestrrat-go/jwx
(Go)
Mar 8, 2024
Mattermost fails to limit the number of role names
Moderate
CVE-2024-1953
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost denial of service through long emoji value
Moderate
CVE-2024-24988
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
moby docker daemon crash during image pull of malicious image
Moderate
CVE-2021-21285
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
CRI-O's pods can break out of resource confinement on cgroupv2
Moderate
CVE-2023-6476
was published
for
github.com/cri-o/cri-o
(Go)
Jan 10, 2024
quic-go's path validation mechanism can be exploited to cause denial of service
Moderate
CVE-2023-49295
was published
for
github.com/quic-go/quic-go
(Go)
Jan 10, 2024
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Moderate
GHSA-mhpq-9638-x6pw
was published
for
github.com/dvsekhvalnov/jose2go
(Go)
Dec 20, 2023
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Moderate
CVE-2023-49290
was published
for
github.com/lestrrat-go/jwx
(Go)
Dec 5, 2023
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Moderate
CVE-2023-47124
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Moderate
CVE-2023-48713
was published
for
knative.dev/serving
(Go)
Nov 27, 2023
ProTip!
Advisories are also available from the
GraphQL API