GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
High
CVE-2024-7884
was published
for
ic_cdk
(Rust)
Sep 5, 2024
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Low
CVE-2024-41172
was published
for
org.apache.cxf:cxf-rt-transports-http
(Maven)
Jul 19, 2024
Undertow Missing Release of Memory after Effective Lifetime vulnerability
Moderate
CVE-2024-3653
was published
for
io.undertow:undertow-core
(Maven)
Jul 9, 2024
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Moderate
CVE-2024-4435
was published
for
ic-stable-structures
(Rust)
May 21, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Remote Denial of Service Vulnerability in Microsoft QUIC
High
GHSA-2x7m-gf85-3745
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Mar 13, 2024
OpenFGA denial of service
Moderate
CVE-2024-23820
was published
for
github.com/openfga/openfga
(Go)
Jan 26, 2024
tokio-boring vulnerable to resource exhaustion via memory leak
Moderate
CVE-2023-6180
was published
for
tokio-boring
(Rust)
Dec 5, 2023
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
High
CVE-2023-5954
was published
for
github.com/hashicorp/vault
(Go)
Nov 9, 2023
memory leak flaw was found in ruby-magick
Moderate
CVE-2023-5349
was published
for
rmagick
(RubyGems)
Oct 30, 2023
MsQuic Remote Denial of Service Vulnerability
High
CVE-2023-36435
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Oct 10, 2023
CometBFT may duplicate transactions in the mempool's data structures
High
CVE-2023-34451
was published
for
github.com/cometbft/cometbft
(Go)
Jul 5, 2023
CometBFT PeerState JSON serialization deadlock
Moderate
CVE-2023-34450
was published
for
github.com/cometbft/cometbft
(Go)
Jul 5, 2023
containerd CRI stream server vulnerable to host memory exhaustion via terminal
Moderate
CVE-2022-23471
was published
for
github.com/containerd/containerd
(Go)
Dec 7, 2022
Undertow vulnerable to memory exhaustion due to buffer leak
High
CVE-2021-3690
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
NFStream Local Denial of Service (DoS)
Moderate
CVE-2020-25340
was published
for
nfstream
(pip)
May 24, 2022
Wildfly has a memory leak vulnerability
Moderate
CVE-2020-27822
was published
for
org.wildfly:wildfly-parent
(Maven)
May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin
High
CVE-2020-2322
was published
for
io.jenkins.plugins:chaos-monkey
(Maven)
May 24, 2022
Uncontrolled Resource Consumption in WildFly
Moderate
CVE-2020-25689
was published
for
org.wildfly:wildfly-dist
(Maven)
May 24, 2022
Wildfly-OpenSSL memory leak flaw
High
CVE-2020-25644
was published
for
org.wildfly.openssl:wildfly-openssl-natives-parent
(Maven)
May 24, 2022
Memory leak in decoding PNG images
Moderate
CVE-2022-23585
was published
for
tensorflow
(pip)
Feb 9, 2022
Missing Release of Memory after Effective Lifetime in detect-character-encoding
High
CVE-2021-39176
was published
for
detect-character-encoding
(npm)
Sep 1, 2021
crossbeam-channel Undefined Behavior before v0.4.4
High
CVE-2020-15254
was published
for
crossbeam-channel
(Rust)
Aug 25, 2021
Missing release of memory in sized-chunks
High
CVE-2020-25794
was published
for
sized-chunks
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API