GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
35 advisories
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Severity: Moderate. CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) on Apr 15, 2024

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
Severity: High. GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) on Apr 3, 2024

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code...
Severity: Moderate (Unreviewed). CVE-2024-2494 was published on Mar 21, 2024

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation...
Severity: High (Unreviewed). CVE-2023-3171 was published on Dec 27, 2023

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of...
Severity: Moderate (Unreviewed). CVE-2023-5371 was published on Oct 4, 2023

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that...
Severity: Moderate (Unreviewed). CVE-2023-0809 was published on Oct 2, 2023

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for...
Severity: Moderate (Unreviewed). CVE-2023-20202 was published on Sep 27, 2023

Undertow vulnerable to denial of service
Severity: High. CVE-2023-3223 was published for io.undertow:undertow-parent (Maven) on Sep 27, 2023

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port...
Severity: Critical (Unreviewed). CVE-2023-43632 was published on Sep 21, 2023

Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Severity: High. CVE-2023-37279 was published for github.com/contribsys/faktory (Go) on Sep 20, 2023

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted...
Severity: High (Unreviewed). CVE-2023-33953 was published on Aug 9, 2023

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM ...
Severity: High (Unreviewed). CVE-2023-20108 was published on Jun 28, 2023

vyper vulnerable to storage allocator overflow
Severity: High. CVE-2023-30837 was published for vyper (pip) on May 5, 2023

docconv vulnerable to Memory Allocation with Excessive Size Value
Severity: Moderate. CVE-2022-4741 was published for code.sajari.com/docconv (Go) on Dec 25, 2022

Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
Severity: High. CVE-2022-34917 was published for org.apache.kafka:kafka (Maven) on Sep 21, 2022

Binary vulnerable to Slice Memory Allocation with Excessive Size Value
Severity: High. CVE-2022-36078 was published for github.com/gagliardetto/binary (Go) on Sep 16, 2022

The CODESYS Gateway Server V2 does not verify that the size of a request is within expected...
Severity: High (Unreviewed). CVE-2022-31804 was published on Jun 25, 2022

Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core
Severity: High. CVE-2022-29863 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) on Jun 17, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of...
Severity: High (Unreviewed). CVE-2021-34854 was published on May 24, 2022

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an...
Severity: Moderate (Unreviewed). CVE-2021-1568 was published on May 24, 2022

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could...
Severity: Moderate (Unreviewed). CVE-2021-1283 was published on May 24, 2022

Symfony Denial of Service Via Long Password Hashing
Severity: Moderate. CVE-2013-5958 was published for symfony/polyfill (Composer) on May 17, 2022

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated...
Severity: Moderate (Unreviewed). CVE-2022-20717 was published on Apr 16, 2022

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager,...
Severity: High (Unreviewed). CVE-2022-28773 was published on Apr 13, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner...
Severity: High (Unreviewed). CVE-2017-20016 was published on Mar 29, 2022