GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Missing release of memory in sized-chunks High
CVE-2020-25794 was published for sized-chunks (Rust) Aug 25, 2021
Missing Release of Memory after Effective Lifetime in detect-character-encoding High
CVE-2021-39176 was published for detect-character-encoding (npm) Sep 1, 2021
crossbeam-channel Undefined Behavior before v0.4.4 High
CVE-2020-15254 was published for crossbeam-channel (Rust) Aug 25, 2021
Missing release of memory in sized-chunks High
CVE-2020-25795 was published for sized-chunks (Rust) Aug 25, 2021
Undertow vulnerable to memory exhaustion due to buffer leak High
CVE-2021-3690 was published for io.undertow:undertow-core (Maven) Jul 15, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
CometBFT may duplicate transactions in the mempool's data structures High
CVE-2023-34451 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability High
CVE-2023-5954 was published for github.com/hashicorp/vault (Go) Nov 9, 2023
Wildfly-OpenSSL memory leak flaw High
CVE-2020-25644 was published for org.wildfly.openssl:wildfly-openssl-natives-parent (Maven) May 24, 2022
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
MsQuic Remote Denial of Service Vulnerability High
CVE-2023-36435 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call` High
CVE-2024-7884 was published for ic_cdk (Rust) Sep 5, 2024
Pyopenssl Incorrect Memory Management High
CVE-2018-1000808 was published for pyopenssl (pip) Oct 10, 2018
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024