GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,090
Erlang: 29
GitHub Actions: 19
Go: 1,915
Maven: 5,000+
npm: 3,646
NuGet: 638
pip: 3,262
Pub: 10
RubyGems: 870
Rust: 821
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
326 advisories
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc... | Moderate | Unreviewed | CVE-2024-39474 was published Jul 5, 2024
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call... | Moderate | Unreviewed | CVE-2024-39477 was published Jul 5, 2024
In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer... | Moderate | Unreviewed | CVE-2024-39472 was published Jul 5, 2024
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack... | Moderate | Unreviewed | CVE-2024-35116 was published Jun 29, 2024
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to... | Moderate | Unreviewed | CVE-2024-31919 was published Jun 28, 2024
An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0... | Moderate | Unreviewed | CVE-2024-37681 was published Jun 24, 2024
CrateDB has a Client initialized Session-Renegotiation DoS | Moderate | CVE-2024-37309 was published for io.crate:crate (Maven) Jun 13, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is... | Moderate | Unreviewed | CVE-2024-31881 was published Jun 12, 2024
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is... | Moderate | Unreviewed | CVE-2024-28762 was published Jun 12, 2024
TYPO3 Denial of Service in Online Media Asset Handling | Moderate | GHSA-f3wf-q4fj-3gxf was published for typo3/cms (Composer) Jun 7, 2024
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause... | Moderate | Unreviewed | CVE-2024-34055 was published Jun 5, 2024
is_closing_session() allows users to fill up apport.log | Moderate | Unreviewed | CVE-2022-28654 was published Jun 5, 2024
is_closing_session() allows users to consume RAM in the Apport process | Moderate | Unreviewed | CVE-2022-28656 was published Jun 5, 2024
TYPO3 Denial of Service in Online Media Asset Handling | Moderate | GHSA-29m4-mx89-3mjg was published for typo3/cms-core (Composer) May 30, 2024
Denial of service of Minder Server from maliciously crafted GitHub attestations | Moderate | CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... | Moderate | Unreviewed | CVE-2024-33495 was published May 14, 2024
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without... | Moderate | Unreviewed | CVE-2024-25969 was published May 14, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is... | Moderate | Unreviewed | CVE-2024-28760 was published May 14, 2024
Wildfly vulnerable to denial of service | Moderate | CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) May 2, 2024
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate... | Moderate | Unreviewed | CVE-2024-27013 was published May 1, 2024
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3... | Moderate | Unreviewed | CVE-2024-25026 was published Apr 25, 2024
Synapse V2 state resolution weakness allows Denial of Service (DoS) | Moderate | CVE-2024-31208 was published for matrix-synapse (pip) Apr 23, 2024
lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing... | Moderate | Unreviewed | CVE-2024-1665 was published Apr 16, 2024
Cosign malicious artifacts can cause machine-wide DoS | Moderate | CVE-2024-29903 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
Cosign malicious attachments can cause system-wide denial of service | Moderate | CVE-2024-29902 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
ProTip! Advisories are also available from the GraphQL API.