GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,201
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
axum-core has no default limit put on request bodies
High
CVE-2022-3212
was published
for
axum-core
(Rust)
Sep 15, 2022
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
High
CVE-2021-41167
was published
for
modern-async
(npm)
Oct 21, 2021
Allocation of Resources Without Limits or Throttling in nvflare
High
CVE-2022-21822
was published
for
nvflare
(pip)
Mar 18, 2022
Improper Handling of Length Parameter Inconsistency in Compress
High
CVE-2021-35517
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress
High
CVE-2021-35516
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Helm Controller denial of service
High
CVE-2022-36049
was published
for
github.com/fluxcd/flux2
(Go)
Sep 16, 2022
Denial of Service in Spring Cloud Function
High
CVE-2022-22979
was published
for
org.springframework.cloud:spring-cloud-function-parent
(Maven)
Jun 22, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
High
CVE-2022-36124
was published
for
apache-avro
(Rust)
Aug 10, 2022
Uncontrolled Resource Consumption in opcua
High
CVE-2022-25888
was published
for
opcua
(Rust)
Aug 24, 2022
Duplicate of GHSA-m77f-652q-wwp4
High
GHSA-2gg5-7c4v-6xx2
was published
for
axum-core
(Rust)
Sep 15, 2022
•
withdrawn
Out-of-Memory Error in Bouncy Castle Crypto
High
CVE-2019-17359
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2019
rdiffweb vulnerable to potential DoS via memory consumption
High
CVE-2022-3298
was published
for
rdiffweb
(pip)
Sep 27, 2022
Unbounded connection acceptance in http4s-blaze-server
High
CVE-2021-21294
was published
for
org.http4s:http4s-blaze-server_2.12
(Maven)
Feb 2, 2021
Unbounded connection acceptance leads to file handle exhaustion
High
CVE-2021-21293
was published
for
org.http4s:blaze-core_2.11
(Maven)
Feb 2, 2021
node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit
High
CVE-2022-25231
was published
for
node-opcua
(npm)
Aug 24, 2022
Regular Expression Denial of Service in sshpk
High
CVE-2018-3737
was published
for
sshpk
(npm)
Aug 15, 2018
XNIO `notifyReadClosed` method logging message to unexpected end
High
CVE-2022-0084
was published
for
org.jboss.xnio:xnio-all
(Maven)
Aug 27, 2022
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
High
CVE-2022-24685
was published
for
github.com/hashicorp/nomad
(Go)
Mar 1, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
High
CVE-2022-3273
was published
for
rdiffweb
(pip)
Oct 6, 2022
Allocation of Resources Without Limits or Throttling in Apache Tika
High
CVE-2019-10088
was published
for
org.apache.tika:tika-core
(Maven)
Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
High
CVE-2019-10094
was published
for
org.apache.tika:tika-core
(Maven)
Aug 6, 2019
Denial of Service in Netty
High
CVE-2020-11612
was published
for
io.netty:netty-handler
(Maven)
Jun 15, 2020
Denial of Service in Cryptacular
High
CVE-2020-7226
was published
for
org.cryptacular:cryptacular
(Maven)
Jun 10, 2020
ProTip!
Advisories are also available from the
GraphQL API