Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior... Low Unreviewed
CVE-2024-5469 was published Jun 14, 2024
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage Low
CVE-2024-34079 was published for github.com/octo-sts/app (Go) May 13, 2024
enj
Mattermost fails to limit the size of a request path Low
CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial... Low Unreviewed
CVE-2024-3872 was published Apr 16, 2024
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of... Low Unreviewed
CVE-2024-28053 was published Mar 15, 2024
Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the... Low Unreviewed
CVE-2024-24975 was published Mar 15, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement Low
CVE-2024-1410 was published for quiche (Rust) Mar 13, 2024
marten-seemann
Rack has possible DoS Vulnerability with Range Header Low
CVE-2024-26141 was published for rack (RubyGems) Feb 28, 2024
ooooooo-q
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform... Low Unreviewed
CVE-2023-49578 was published Dec 12, 2023
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background... Low Unreviewed
CVE-2023-5870 was published Dec 10, 2023
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations Low
GHSA-v7hc-87jc-qrrr was published for knative.dev/eventing-github (Go) Dec 6, 2023
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Low Unreviewed
CVE-2023-44321 was published Nov 14, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry Low
CVE-2023-46737 was published for github.com/sigstore/cosign (Go) Nov 8, 2023
AdamKorcz pdeslaur
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an... Low Unreviewed
CVE-2023-5876 was published Nov 2, 2023
Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this... Low Unreviewed
CVE-2023-41310 was published Sep 27, 2023
Denial of service from large image Low
CVE-2023-37900 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Fides Webserver Vulnerable to SVG Bomb File Uploads Low
CVE-2023-37481 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
Fides Webserver Vulnerable to Zip Bomb File Uploads Low
CVE-2023-37480 was published for ethyca-fides (pip) Jul 18, 2023
daveqnet
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a... Low Unreviewed
CVE-2023-3614 was published Jul 17, 2023
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and... Low Unreviewed
CVE-2022-4952 was published Jul 17, 2023
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754,... Low Unreviewed
CVE-2023-32114 was published Jun 13, 2023
RuoYi Uncontrolled Resource Consumption vulnerability Low
CVE-2023-3163 was published for com.ruoyi:ruoyi (Maven) Jun 8, 2023
Denial of Service Vulnerability in Rack Content-Disposition parsing Low
CVE-2022-44571 was published for rack (RubyGems) Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 postmodern
Denial of service via multipart parsing in Rack Low
CVE-2022-44572 was published for rack (RubyGems) Jan 18, 2023
ProTip! Advisories are also available from the GraphQL API