Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

41 advisories

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an... Moderate Unreviewed
CVE-2024-35152 was published Aug 14, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an... Moderate Unreviewed
CVE-2024-37529 was published Aug 14, 2024
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder Moderate
CVE-2024-41132 was published for SixLabors.ImageSharp (NuGet) Jul 22, 2024
ErazerBrecht
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack... Moderate Unreviewed
CVE-2024-35116 was published Jun 29, 2024
@grpc/grpc-js can allocate memory for incoming messages well above configured limits Moderate
CVE-2024-37168 was published for @grpc/grpc-js (npm) Jun 10, 2024
jhump
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
skanejohan
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames High
GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024
bartekn
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code... Moderate Unreviewed
CVE-2024-2494 was published Mar 21, 2024
To keep its cache database efficient, `named` running as a recursive resolver occasionally... High Unreviewed
CVE-2023-6516 was published Feb 13, 2024
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation... High Unreviewed
CVE-2023-3171 was published Dec 27, 2023
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of... Moderate Unreviewed
CVE-2023-5371 was published Oct 4, 2023
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that... Moderate Unreviewed
CVE-2023-0809 was published Oct 2, 2023
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for... Moderate Unreviewed
CVE-2023-20202 was published Sep 27, 2023
Undertow vulnerable to denial of service High
CVE-2023-3223 was published for io.undertow:undertow-parent (Maven) Sep 27, 2023
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port... Critical Unreviewed
CVE-2023-43632 was published Sep 21, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input High
CVE-2023-37279 was published for github.com/contribsys/faktory (Go) Sep 20, 2023
Malayke
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
levpachmanov
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM ... High Unreviewed
CVE-2023-20108 was published Jun 28, 2023
vyper vulnerable to storage allocator overflow High
CVE-2023-30837 was published for vyper (pip) May 5, 2023
ToonVanHove trocher
docconv vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2022-4741 was published for code.sajari.com/docconv (Go) Dec 25, 2022
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service High
CVE-2022-34917 was published for org.apache.kafka:kafka (Maven) Sep 21, 2022
jkmartindale
Binary vulnerable to Slice Memory Allocation with Excessive Size Value High
CVE-2022-36078 was published for github.com/gagliardetto/binary (Go) Sep 16, 2022
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected... High Unreviewed
CVE-2022-31804 was published Jun 25, 2022
Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core High
CVE-2022-29863 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Jun 17, 2022
mregen
This vulnerability allows local attackers to escalate privileges on affected installations of... High Unreviewed
CVE-2021-34854 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API