Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Helm Controller denial of service High
CVE-2022-36049 was published for github.com/fluxcd/flux2 (Go) Sep 16, 2022
pjbgf
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling High
CVE-2022-24685 was published for github.com/hashicorp/nomad (Go) Mar 1, 2022
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb High
CVE-2023-28119 was published for github.com/crewjam/saml (Go) Mar 22, 2023
nszetei
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak High
GHSA-q3j6-22wf-3jh9 was published for github.com/ipfs/go-bitswap (Go) May 11, 2023
Jorropo guseggert
notation-go has excessive memory allocation on verification High
CVE-2023-25656 was published for github.com/notaryproject/notation-go (Go) Feb 22, 2023
AdamKorcz shizhMSFT
Node DOS by way of memory exhaustion through ExecSync request in CRI-O High
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad High
CVE-2020-7218 was published for github.com/hashicorp/nomad (Go) May 18, 2021
Golang Facebook Thrift servers vulnerable to denial of service High
CVE-2019-11939 was published for github.com/facebook/fbthrift (Go) May 24, 2022
Allocation of Resources Without Limits or Throttling in Hashicorp Consul High
CVE-2020-13250 was published for github.com/hashicorp/consul (Go) May 18, 2021
Docker Registry has Allocation of Resources Without Limits or Throttling High
CVE-2017-11468 was published for github.com/docker/distribution (Go) May 13, 2022
Denial of Service (DoS) in HashiCorp Consul High
CVE-2020-7219 was published for github.com/hashicorp/consul (Go) May 18, 2021
Boxo bitswap/server: DOS unbounded persistent memory leak High
CVE-2023-25568 was published for github.com/ipfs/go-libipfs (Go) May 11, 2023
Jorropo guseggert
Rekor's compressed archives can result in OOM conditions High
CVE-2023-30551 was published for github.com/sigstore/rekor (Go) May 3, 2023
AdamKorcz DavidKorczynski
libp2p nodes vulnerable to attack using large RSA keys High
CVE-2023-39533 was published for github.com/libp2p/go-libp2p (Go) Aug 9, 2023
marten-seemann
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32187 was published for github.com/k3s-io/k3s (Go) Sep 11, 2023
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack High
CVE-2023-32186 was published for github.com/rancher/rke2 (Go) Sep 11, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input High
CVE-2023-37279 was published for github.com/contribsys/faktory (Go) Sep 20, 2023
Malayke
distribution catalog API endpoint can lead to OOM via malicious user input High
CVE-2023-2253 was published for github.com/docker/distribution (Go) May 11, 2023
josegomezr
otelgrpc DoS vulnerability due to unbound cardinality metrics High
CVE-2023-47108 was published for go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (Go) Nov 12, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics High
CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) Oct 16, 2023
programmer04 MadVikingGod
arminru pellared
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024
marten-seemann
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database