Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,045
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
avro vulnerable to denial of service via attacker-controlled parameter High
CVE-2023-37475 was published for github.com/hamba/avro (Go) Jul 17, 2023
AdamKorcz
mx-chain-go's relayed transactions always increment nonce High
CVE-2023-34458 was published for github.com/multiversx/mx-chain-go (Go) Jul 13, 2023
Coraza has potential denial of service vulnerability High
CVE-2023-40586 was published for github.com/corazawaf/coraza/v2 (Go) Jun 26, 2023
rmb122
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack Moderate
CVE-2023-33958 was published for github.com/notaryproject/notation (Go) Jun 6, 2023
AdamKorcz
Notation vulnerable to denial of service from high number of artifact signatures Moderate
CVE-2023-33957 was published for github.com/notaryproject/notation (Go) Jun 6, 2023
AdamKorcz
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak Moderate
GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) May 11, 2023
Jorropo
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak High
GHSA-q3j6-22wf-3jh9 was published for github.com/ipfs/go-bitswap (Go) May 11, 2023
Jorropo guseggert
Boxo bitswap/server: DOS unbounded persistent memory leak High
CVE-2023-25568 was published for github.com/ipfs/go-libipfs (Go) May 11, 2023
Jorropo guseggert
Traefik HTTP header parsing could cause a denial of service High
CVE-2023-29013 was published for github.com/traefik/traefik/v2 (Go) Apr 11, 2023
Stud42 vulnerable to denial of service High
GHSA-3hwm-922r-47hw was published for atomys.codes/stud42 (Go) Mar 31, 2023
nullswan 42atomys
Gophish vulnerable to Denial of Service via crafted payload involving autofocus High
CVE-2022-45003 was published for github.com/gophish/gophish (Go) Mar 22, 2023
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime Moderate
CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go) Mar 13, 2023
phisco AdamKorcz
DavidKorczynski
Crossplane-runtime contains Improper Input Validation via Compositions Moderate
CVE-2023-27484 was published for github.com/crossplane/crossplane (Go) Mar 10, 2023
phisco AdamKorcz
DavidKorczynski
golang.org/x/net vulnerable to Uncontrolled Resource Consumption High
CVE-2022-41723 was published for golang.org/x/net (Go) Feb 17, 2023
Uncontrolled Resource Consumption in golang.org/x/image Moderate
CVE-2022-41727 was published for golang.org/x/image (Go) Feb 17, 2023
Uncontrolled Resource Consumption in Hashicorp Nomad Moderate
CVE-2023-0821 was published for github.com/hashicorp/nomad (Go) Feb 17, 2023
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz DavidKorczynski
Denial of service via HAMT Decoding Panics Moderate
CVE-2023-23625 was published for github.com/ipfs/go-unixfs (Go) Feb 10, 2023
Jorropo
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics High
CVE-2023-23631 was published for github.com/ipfs/go-unixfsnode (Go) Feb 10, 2023
Jorropo
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics High
CVE-2023-25151 was published for go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego (Go) Feb 8, 2023
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption High
CVE-2020-36562 was published for github.com/shiyanhui/dht (Go) Dec 28, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption Critical
CVE-2021-4236 was published for github.com/ecnepsnai/web (Go) Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption High
CVE-2019-25072 was published for github.com/tendermint/tendermint (Go) Dec 28, 2022
revel is vulnerable to resource exhaustion Moderate
CVE-2020-36568 was published for github.com/revel/revel (Go) Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory High
CVE-2022-3064 was published for gopkg.in/yaml.v2 (Go) Dec 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database