Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
axum-core has no default limit put on request bodies High
CVE-2022-3212 was published for axum-core (Rust) Sep 15, 2022
Denial of service in sidekiq High
CVE-2022-23837 was published for sidekiq (RubyGems) Jan 27, 2022
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests High
CVE-2021-41167 was published for modern-async (npm) Oct 21, 2021
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35517 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35516 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Helm Controller denial of service High
CVE-2022-36049 was published for github.com/fluxcd/flux2 (Go) Sep 16, 2022
pjbgf
Denial of Service in Spring Cloud Function High
CVE-2022-22979 was published for org.springframework.cloud:spring-cloud-function-parent (Maven) Jun 22, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints High
CVE-2022-36124 was published for apache-avro (Rust) Aug 10, 2022
Uncontrolled Resource Consumption in opcua High
CVE-2022-25888 was published for opcua (Rust) Aug 24, 2022
Duplicate of GHSA-m77f-652q-wwp4 High
GHSA-2gg5-7c4v-6xx2 was published for axum-core (Rust) Sep 15, 2022 withdrawn
Out-of-Memory Error in Bouncy Castle Crypto High
CVE-2019-17359 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2019
rdiffweb vulnerable to potential DoS via memory consumption High
CVE-2022-3298 was published for rdiffweb (pip) Sep 27, 2022
Unbounded connection acceptance in http4s-blaze-server High
CVE-2021-21294 was published for org.http4s:http4s-blaze-server_2.12 (Maven) Feb 2, 2021
Unbounded connection acceptance leads to file handle exhaustion High
CVE-2021-21293 was published for org.http4s:blaze-core_2.11 (Maven) Feb 2, 2021
Insufficient size checks in ws High
CVE-2020-35896 was published for ws (Rust) Aug 25, 2021
node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit High
CVE-2022-25231 was published for node-opcua (npm) Aug 24, 2022
Regular Expression Denial of Service in sshpk High
CVE-2018-3737 was published for sshpk (npm) Aug 15, 2018
XNIO `notifyReadClosed` method logging message to unexpected end High
CVE-2022-0084 was published for org.jboss.xnio:xnio-all (Maven) Aug 27, 2022
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling High
CVE-2022-24685 was published for github.com/hashicorp/nomad (Go) Mar 1, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks High
CVE-2022-3273 was published for rdiffweb (pip) Oct 6, 2022
Allocation of Resources Without Limits or Throttling in Apache Tika High
CVE-2019-10088 was published for org.apache.tika:tika-core (Maven) Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika High
CVE-2019-10094 was published for org.apache.tika:tika-core (Maven) Aug 6, 2019
Denial of Service in Netty High
CVE-2020-11612 was published for io.netty:netty-handler (Maven) Jun 15, 2020
Denial of Service in Cryptacular High
CVE-2020-7226 was published for org.cryptacular:cryptacular (Maven) Jun 10, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database