GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
95 advisories
Uncontrolled memory consumption
Moderate | CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) | Jun 15, 2021

TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate | CVE-2022-36104 was published for typo3/cms (Composer) | Sep 16, 2022

rdiffweb's unlimited length Fullname field can lead to DoS
Moderate | CVE-2022-3364 was published for rdiffweb (pip) | Sep 30, 2022

rdiffweb has no rate limit on resend email feature
Moderate | CVE-2022-4723 was published for rdiffweb (pip) | Dec 27, 2022

pyftpdlib vulnerable to allocation of resources without limits
Moderate | CVE-2007-6740 was published for pyftpdlib (pip) | May 1, 2022

Denial of service in Mattermost
Moderate | CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) | Nov 23, 2022

Denial of service in Mattermost
Moderate | CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) | Nov 23, 2022

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Moderate | CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) | Jun 23, 2021

angular vulnerable to regular expression denial of service (ReDoS)
Moderate | CVE-2022-25844 was published for angular (npm) | May 3, 2022

Apache Tika vulnerable to uncontrolled memory consumption
Moderate | CVE-2022-25169 was published for org.apache.tika:tika (Maven) | May 17, 2022

Allocation of Resources Without Limits or Throttling in Apache Tika
Moderate | CVE-2019-10093 was published for org.apache.tika:tika-parsers (Maven) | Aug 6, 2019

Potential DOS attack due to unrestricted attachment count in messages
Moderate | CVE-2019-12406 was published for org.apache.cxf:apache-cxf (Maven) | Nov 8, 2019

Denial of service in direct_mail
Moderate | CVE-2020-12697 was published for directmailteam/direct-mail (Composer) | May 24, 2021

Regular Expression Denial of Service (ReDOS)
Moderate | CVE-2021-29060 was published for color-string (npm) | Jun 22, 2021

Memory exhaustion in Tensorflow
Moderate | CVE-2022-21732 was published for tensorflow (pip) | Feb 10, 2022

OctoRPKI crashes when processing GZIP bomb returned via malicious repository
Moderate | CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) | Nov 10, 2021

Allocation of Resources Without Limits or Throttling in iText
Moderate | CVE-2022-24196 was published for com.itextpdf:itext7-core (Maven) | Feb 2, 2022

Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate | CVE-2022-22950 was published for org.springframework:spring-expression (Maven) | Apr 3, 2022

Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Moderate | CVE-2023-28837 was published for wagtail (pip) | Apr 3, 2023

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
Moderate | CVE-2019-16770 was published for puma (RubyGems) | Dec 5, 2019

Uncontrolled resource consumption in nokogiri
Moderate | CVE-2017-18258 was published for nokogiri (RubyGems) | Apr 13, 2018

github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Moderate | GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) | May 11, 2023