Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

76 advisories

Loading
CWA-2023-004: Excessive number of function parameters in compiled Wasm Moderate
GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) Aug 27, 2024
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Mattermost fails to limit the number of role names Moderate
CVE-2024-1953 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost Server doesn't limit the number of user preferences Moderate
CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 5, 2024
gqlparser denial of service vulnerability via the parserDirectives function Moderate
CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) Jun 12, 2024
Traefik vulnerable to potential DDoS via ACME HTTPChallenge Moderate
CVE-2023-47124 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
CosmWasm wasmd has large address count in ValidateBasic Moderate
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi
Gnark out-of-memory during deserialization with crafted inputs Moderate
CVE-2024-50354 was published for github.com/consensys/gnark (Go) Oct 31, 2024
pventuzelo
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events Moderate
CVE-2024-47003 was published for github.com/mattermost/mattermost/server/v8 (Go) Sep 26, 2024
c0rydoras
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz DavidKorczynski
Mattermost Plugin Channel Export excessive resource consumption Moderate
CVE-2024-43105 was published for github.com/mattermost/mattermost-plugin-channel-export (Go) Aug 23, 2024
c0rydoras
Mattermost denial of service through long emoji value Moderate
CVE-2024-24988 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
Denial of service in Kubernetes Moderate
CVE-2020-8557 was published for k8s.io/kubernetes/pkg/kubelet (Go) Apr 24, 2024
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
bgeesaman joshlarsen
IanColdwater mauilion raesene cpuguy83 neersighted
Tendermint Core vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2021-21271 was published for github.com/tendermint/tendermint (Go) Oct 7, 2022
cmwaters melekes
cyril-crypto brianatcrypto tomtau yihuang
Stacklok Minder vulnerable to denial of service from maliciously crafted templates Moderate
CVE-2024-35194 was published for github.com/stacklok/minder (Go) May 20, 2024
AdamKorcz DavidKorczynski
Uncontrolled Resource Consumption in golang.org/x/image Moderate
CVE-2022-41727 was published for golang.org/x/image (Go) Feb 17, 2023
Denial of service via HAMT Decoding Panics Moderate
CVE-2023-23625 was published for github.com/ipfs/go-unixfs (Go) Feb 10, 2023
Jorropo
revel is vulnerable to resource exhaustion Moderate
CVE-2020-36568 was published for github.com/revel/revel (Go) Dec 28, 2022
golang.org/x/text Infinite loop Moderate
CVE-2020-14040 was published for golang.org/x/text (Go) May 18, 2021
Denial of service of Minder Server with attacker-controlled REST endpoint Moderate
CVE-2024-35185 was published for github.com/stacklok/minder (Go) May 16, 2024
AdamKorcz DavidKorczynski
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences Moderate
CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 26, 2024
crenshaw-dev pasha-codefresh
todaywasawesome
net/http, x/net/http2: close connections when receiving too many headers Moderate
CVE-2023-45288 was published for golang.org/x/net (Go) Apr 4, 2024
ProTip! Advisories are also available from the GraphQL API