Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

154 advisories

Loading
DoS Vulnerability in TraceContextPropagator.Extract - OpenTelemetry.Api High
GHSA-vc29-vg52-6643 was published for OpenTelemetry.AutoInstrumentation (NuGet) Mar 6, 2025
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023
Memory exhaustion in HashiCorp Vault High
CVE-2023-6337 was published for github.com/hashicorp/vault (Go) Dec 9, 2023
Apache Struts vulnerable to memory exhaustion High
CVE-2023-34396 was published for org.apache.struts:struts2-core (Maven) Jun 14, 2023
Rack has possible DoS Vulnerability in Multipart MIME parsing High
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Unlimited consumption of resources in @fastify/multipart High
CVE-2025-24033 was published for @fastify/multipart (npm) Jan 23, 2025
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
android-gif-drawable vulerable to denial of service due to unrestricted comment length High
CVE-2022-23435 was published for pl.droidsonroids.gif:android-gif-drawable (Maven) Jan 20, 2022
Marcono1234
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
Non-linear parsing of case-insensitive content in golang.org/x/net/html High
CVE-2024-45338 was published for golang.org/x/net (Go) Dec 18, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages High
CVE-2024-53857 was published for pgp (Rust) Dec 5, 2024
invd hko-s
link2xt dignifiedquire
Synapse allows unsupported content types to lead to memory exhaustion High
CVE-2024-52805 was published for matrix-synapse (pip) Dec 3, 2024
Synapse denial of service through media disk space consumption High
CVE-2024-37302 was published for matrix-synapse (pip) Dec 3, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
OpenStack Nova VMWare driver leaks rescued images High
CVE-2014-2573 was published for nova (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images High
CVE-2014-9684 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images High
CVE-2015-1881 was published for glance (pip) May 17, 2022
OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function High
CVE-2013-1838 was published for nova (pip) May 17, 2022
Twisted SSH client and server deny of service during SSH handshake. High
CVE-2022-21716 was published for twisted (pip) Mar 3, 2022
Idan-D vin01
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database