Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

66 advisories

Loading
Podman vulnerable to memory-based denial of service High
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion High
GHSA-8wcc-m6j2-qxvm was published for cosmossdk.io/x/tx (Go) Dec 16, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
Mattermost vulnerable to denial of service via large number of emoji reactions High
CVE-2024-1402 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 9, 2024
c0rydoras
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
andrewpollock
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023
go-ethereum vulnerable to DoS via malicious p2p message High
CVE-2024-32972 was published for github.com/ethereum/go-ethereum (Go) May 6, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek crenshaw-dev
pasha-codefresh
go-grpc-compression has a zstd decompression bombing vulnerability High
GHSA-87m9-rv8p-rgmg was published for github.com/mostynb/go-grpc-compression (Go) Jun 10, 2024
golang.org/x/net vulnerable to Uncontrolled Resource Consumption High
CVE-2022-41723 was published for golang.org/x/net (Go) Feb 17, 2023
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
golang.org/x/net/http vulnerable to ping floods High
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022
miekg/dns parsing error leads to nil pointer dereference and DoS High
CVE-2018-17419 was published for github.com/miekg/dns (Go) May 18, 2021
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests High
CVE-2024-34084 was published for github.com/stacklok/minder (Go) May 7, 2024
AdamKorcz DavidKorczynski
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack High
CVE-2017-7670 was published for github.com/apache/trafficcontrol (Go) May 13, 2022
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024
marten-seemann
Denial of Service in http-swagger High
CVE-2022-24863 was published for github.com/swaggo/http-swagger (Go) Apr 22, 2022
Denial of service in HashiCorp Consul High
CVE-2020-25201 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion High
CVE-2020-15114 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Denial of Service in miekg-dns High
CVE-2017-15133 was published for github.com/miekg/dns (Go) Jun 29, 2021
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
Go-Ethereum vulnerable to denial of service via malicious p2p message High
CVE-2023-40591 was published for github.com/ethereum/go-ethereum (Go) Sep 6, 2023
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
ProTip! Advisories are also available from the GraphQL API