GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8 advisories
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Moderate
GHSA-qvqg-6rp8-4p9h
was published
for
github.com/ipfs/kubo
(Go)
May 11, 2023
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
High
GHSA-q3j6-22wf-3jh9
was published
for
github.com/ipfs/go-bitswap
(Go)
May 11, 2023
Boxo bitswap/server: DOS unbounded persistent memory leak
High
CVE-2023-25568
was published
for
github.com/ipfs/go-libipfs
(Go)
May 11, 2023
Denial of service via HAMT Decoding Panics
Moderate
CVE-2023-23625
was published
for
github.com/ipfs/go-unixfs
(Go)
Feb 10, 2023
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
High
CVE-2023-23631
was published
for
github.com/ipfs/go-unixfsnode
(Go)
Feb 10, 2023
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Moderate
CVE-2023-23626
was published
for
github.com/ipfs/go-bitfield
(Go)
Feb 10, 2023
DOS and excessive memory usage when passing untrusted user input to to dag import
Moderate
GHSA-f2gr-7299-487h
was published
for
github.com/ipfs/go-ipfs
(Go)
Jul 6, 2022
Malformed CAR panics and excessive memory usage
Moderate
GHSA-9x4h-8wgm-8xfg
was published
for
github.com/ipld/go-car
(Go)
Jul 6, 2022
ProTip!
Advisories are also available from the
GraphQL API