Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

99 advisories

Loading
Uncontrolled memory consumption Moderate
CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) Jun 15, 2021
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-36104 was published for typo3/cms (Composer) Sep 16, 2022
rikwillems
Missing rate limit on rdiffweb Moderate
CVE-2022-3456 was published for rdiffweb (pip) Oct 14, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings Moderate
CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
Apache Tika vulnerable to uncontrolled memory consumption Moderate
CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022
Allocation of Resources Without Limits or Throttling in Apache Tika Moderate
CVE-2019-10093 was published for org.apache.tika:tika-parsers (Maven) Aug 6, 2019
Potential DOS attack due to unrestricted attachment count in messages Moderate
CVE-2019-12406 was published for org.apache.cxf:apache-cxf (Maven) Nov 8, 2019
Denial of service in direct_mail Moderate
CVE-2020-12697 was published for directmailteam/direct-mail (Composer) May 24, 2021
Regular Expression Denial of Service (ReDOS) Moderate
CVE-2021-29060 was published for color-string (npm) Jun 22, 2021
Denial of service in bingrep Moderate
CVE-2021-39480 was published for bingrep (Rust) Jan 28, 2022
Memory exhaustion in Tensorflow Moderate
CVE-2022-21732 was published for tensorflow (pip) Feb 10, 2022
OctoRPKI crashes when processing GZIP bomb returned via malicious repository Moderate
CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Allocation of Resources Without Limits or Throttling in iText Moderate
CVE-2022-24196 was published for com.itextpdf:itext7-core (Maven) Feb 2, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework Moderate
CVE-2022-22950 was published for org.springframework:spring-expression (Maven) Apr 3, 2022
J3rry-1729 briandealwis
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files Moderate
CVE-2023-28837 was published for wagtail (pip) Apr 3, 2023
RealOrangeOne
h2 vulnerable to denial of service Moderate
CVE-2023-26964 was published for h2 (Rust) Apr 11, 2023
FirelightFlagboy seanmonstar
KisaragiEffective JohnTitor
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack Moderate
CVE-2019-16770 was published for puma (RubyGems) Dec 5, 2019
Uncontrolled resource consumption in nokogiri Moderate
CVE-2017-18258 was published for nokogiri (RubyGems) Apr 13, 2018
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak Moderate
GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) May 11, 2023
Jorropo
Resource exhaustion in Mattermost Moderate
CVE-2022-1337 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 14, 2022
DoS through large manifest files in Argo CD Moderate
CVE-2022-31016 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database