GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
150 advisories
Filter by severity
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
cosmossdk.io/x/tx
(Go)
Dec 16, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
High
GHSA-5pf6-cq2v-23ww
was published
for
github.com/clidey/whodb/core
(Go)
Dec 19, 2024
Mattermost Server Resource Exhaustion
Low
CVE-2024-28053
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 15, 2024
Mattermost fails to limit the number of role names
Moderate
CVE-2024-1953
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate
CVE-2024-28949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
gqlparser denial of service vulnerability via the parserDirectives function
Moderate
CVE-2023-49559
was published
for
github.com/vektah/gqlparser
(Go)
Jun 12, 2024
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Moderate
CVE-2023-47124
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
CosmWasm wasmd has large address count in ValidateBasic
Moderate
GHSA-m3rh-cvr5-x6q4
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 8, 2024
Mattermost vulnerable to denial of service via large number of emoji reactions
High
CVE-2024-1402
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 9, 2024
Gnark out-of-memory during deserialization with crafted inputs
Moderate
CVE-2024-50354
was published
for
github.com/consensys/gnark
(Go)
Oct 31, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Podman vulnerable to memory-based denial of service
High
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate
CVE-2024-47003
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Sep 26, 2024
go-ethereum vulnerable to denial of service via crafted GraphQL query
High
CVE-2023-42319
was published
for
github.com/ethereum/go-ethereum
(Go)
Oct 18, 2023
OCI image importer memory exhaustion in github.com/containerd/containerd
Moderate
CVE-2023-25153
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
Mattermost Plugin Channel Export excessive resource consumption
Moderate
CVE-2024-43105
was published
for
github.com/mattermost/mattermost-plugin-channel-export
(Go)
Aug 23, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High
CVE-2024-32972
was published
for
github.com/ethereum/go-ethereum
(Go)
May 6, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 22, 2024
Mattermost denial of service through long emoji value
Moderate
CVE-2024-24988
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Moderate
GHSA-mhpq-9638-x6pw
was published
for
github.com/dvsekhvalnov/jose2go
(Go)
Dec 20, 2023
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Low
CVE-2024-34079
was published
for
github.com/octo-sts/app
(Go)
May 13, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate
CVE-2024-37904
was published
for
github.com/stacklok/minder
(Go)
Jun 18, 2024
go-grpc-compression has a zstd decompression bombing vulnerability
High
GHSA-87m9-rv8p-rgmg
was published
for
github.com/mostynb/go-grpc-compression
(Go)
Jun 10, 2024
ProTip!
Advisories are also available from the
GraphQL API