Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,045
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations Low
GHSA-v7hc-87jc-qrrr was published for knative.dev/eventing-github (Go) Dec 6, 2023
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS Moderate
CVE-2023-49290 was published for github.com/lestrrat-go/jwx (Go) Dec 5, 2023
P3ngu1nW
Traefik docker container using 100% CPU High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
ekle
Traefik vulnerable to potential DDoS via ACME HTTPChallenge Moderate
CVE-2023-47124 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler Moderate
CVE-2023-48713 was published for knative.dev/serving (Go) Nov 27, 2023
AdamKorcz
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-48369 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-40703 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-48268 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Decryption of malicious PBES2 JWE objects can consume unbounded system resources Moderate
GHSA-2c7c-3mj9-8fqh was published for github.com/go-jose/go-jose/v3 (Go) Nov 21, 2023
mcpherrinm
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry Low
CVE-2023-46737 was published for github.com/sigstore/cosign (Go) Nov 8, 2023
AdamKorcz pdeslaur
Mattermost vulnerable to excessive memory consumption Moderate
CVE-2023-5969 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
MarkLee131
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
OpenFGA DoS vulnerability High
CVE-2023-45810 was published for github.com/openfga/openfga (Go) Oct 18, 2023
KlausVii
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023
Traefik vulnerable to HTTP/2 request causing denial of service Moderate
GHSA-7v4p-328v-8v5g was published for github.com/traefik/traefik (Go) Oct 17, 2023
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset High
GHSA-vx74-f528-fxqg was published for github.com/nghttp2/nghttp2 (Go) Oct 10, 2023
Mattermost Uncontrolled Resource Consumption vulnerability Moderate
CVE-2023-5196 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Argo CD repo-server Denial of Service vulnerability Moderate
CVE-2023-40584 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
amit-laish
Go-Ethereum vulnerable to denial of service via malicious p2p message High
CVE-2023-40591 was published for github.com/ethereum/go-ethereum (Go) Sep 6, 2023
libp2p nodes vulnerable to OOM attack High
CVE-2023-40583 was published for github.com/libp2p/go-libp2p (Go) Aug 24, 2023
marten-seemann
Denial of service from large image Low
CVE-2023-37900 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
goproxy Denial of Service vulnerability High
CVE-2023-37788 was published for github.com/elazarl/goproxy (Go) Jul 18, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database