Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

271 advisories

Loading
github.com/hashicorp/yamux's DefaultConfig has dangerous defaults causing hung Read Moderate
GHSA-29qp-crvh-w22m was published for github.com/hashicorp/yamux (Go) Jan 29, 2025
Unlimited consumption of resources in @fastify/multipart High
CVE-2025-24033 was published for @fastify/multipart (npm) Jan 23, 2025
DoS in Cilium agent DNS proxy from crafted DNS responses Moderate
CVE-2025-23028 was published for github.com/cilium/cilium (Go) Jan 22, 2025
bimmlerd kokelley-cisco
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
matrix-media-repo (MMR) allows denial of service/high operating costs through unauthenticated downloads Moderate
CVE-2024-36403 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Django has a potential denial-of-service vulnerability in IPv6 validation Moderate
CVE-2024-56374 was published for Django (pip) Jan 14, 2025
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
Next.js Allows a Denial of Service (DoS) with Server Actions Moderate
CVE-2024-56332 was published for next (npm) Jan 3, 2025
gnoff ztanner
eps1lon
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
Non-linear parsing of case-insensitive content in golang.org/x/net/html High
CVE-2024-45338 was published for golang.org/x/net (Go) Dec 18, 2024
Django denial-of-service in django.utils.html.strip_tags() Moderate
CVE-2024-53907 was published for Django (pip) Dec 6, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages High
CVE-2024-53857 was published for pgp (Rust) Dec 5, 2024
invd hko-s
link2xt dignifiedquire
Synapse allows unsupported content types to lead to memory exhaustion High
CVE-2024-52805 was published for matrix-synapse (pip) Dec 3, 2024
Synapse denial of service through media disk space consumption High
CVE-2024-37302 was published for matrix-synapse (pip) Dec 3, 2024
Denial of service (DoS) via deformation `multipart/form-data` boundary High
CVE-2024-53981 was published for python-multipart (pip) Dec 2, 2024
Startr4ck defnull
mnqazi
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
Litestar allows unbounded resource consumption (DoS vulnerability) High
CVE-2024-52581 was published for litestar (pip) Nov 20, 2024
defnull
Password Pusher rate limiter can be bypassed by forging proxy headers Low
CVE-2024-52796 was published for pwpush (RubyGems) Nov 20, 2024
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk SuperMaxine
MikuroXina
Missing ratelimit on passwrod resets in zenml Moderate
CVE-2024-4311 was published for zenml (pip) Nov 14, 2024
zlib-rs stack overflow during decompression with malicious input Moderate
GHSA-j3px-q95c-9683 was published for libz-rs-sys (Rust) Nov 14, 2024
inahga
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
Mattermost Server vulnerable to application crash from attacker-generated large response Moderate
CVE-2024-47401 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database