Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

238 advisories

Loading
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
Mattermost Server vulnerable to application crash from attacker-generated large response Moderate
CVE-2024-47401 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-45526 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 18, 2024
Security Update for the OPC UA .NET Standard Stack High
GHSA-qm9f-c3v9-wphv was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 18, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Moderate
CVE-2024-41128 was published for actionpack (RubyGems) Oct 15, 2024
Starlette Denial of service (DoS) via multipart/form-data High
CVE-2024-47874 was published for starlette (pip) Oct 15, 2024
defnull
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate
CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024
HRsGIT
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks Low
CVE-2024-6762 was published for org.eclipse.jetty:jetty-servlets (Maven) Oct 14, 2024
async-graphql Directive Overload High
CVE-2024-47614 was published for async-graphql (Rust) Oct 3, 2024
MindPatch
Vertx gRPC server does not limit the maximum message size Moderate
CVE-2024-8391 was published for io.vertx:vertx-grpc-client (Maven) Sep 4, 2024
freewvs vulnerable to denial of service through large files Low
CVE-2020-15100 was published for freewvs (pip) Aug 30, 2024
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies High
CVE-2024-43783 was published for apollo-router (Rust) Aug 27, 2024
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
Miniscript allows stack consumption Moderate
CVE-2024-44073 was published for miniscript (Rust) Aug 19, 2024
apoelstra
Russh has an OOM Denial of Service due to allocation of untrusted amount High
CVE-2024-43410 was published for russh (Rust) Aug 14, 2024
Noratrieb Eugeny
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service High
CVE-2024-40094 was published for com.graphql-java:graphql-java (Maven) Jul 30, 2024
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder Moderate
CVE-2024-41132 was published for SixLabors.ImageSharp (NuGet) Jul 22, 2024
ErazerBrecht
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks Moderate
GHSA-crjg-w57m-rqqf was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov amita-seal
Django vulnerable to Denial of Service High
CVE-2024-39614 was published for Django (pip) Jul 10, 2024
Django vulnerable to Denial of Service High
CVE-2024-38875 was published for Django (pip) Jul 10, 2024
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability High
CVE-2024-33862 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Jul 6, 2024
Potential memory exhaustion attack due to sparse slice deserialization High
CVE-2024-37298 was published for github.com/gorilla/schema (Go) Jul 1, 2024
AlexVasiluta
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database