GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,436
Erlang
29
GitHub Actions
16
Go
1,661
Maven
4,922
npm
3,450
NuGet
594
pip
2,840
Pub
10
RubyGems
823
Rust
764
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,077 advisories
Filter by severity
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service...
High
Unreviewed
CVE-2023-39477
was published
May 3, 2024
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service...
High
Unreviewed
CVE-2023-27334
was published
May 3, 2024
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
High
CVE-2024-32984
was published
for
yamux
(Rust)
May 1, 2024
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Moderate
CVE-2024-32476
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Apr 26, 2024
Mattermost fails to limit the number of active sessions
Moderate
CVE-2024-4183
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to limit the size of a request path
Low
CVE-2024-22091
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 ...
High
Unreviewed
CVE-2024-4056
was published
Apr 26, 2024
python-jose denial of service via compressed JWE content
Moderate
CVE-2024-33664
was published
for
python-jose
(pip)
Apr 26, 2024
An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability...
High
Unreviewed
CVE-2023-6596
was published
Apr 25, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16...
High
Unreviewed
CVE-2024-2829
was published
Apr 25, 2024
Denial of service in Kubernetes
Moderate
CVE-2020-8557
was published
for
k8s.io/kubernetes/pkg/kubelet
(Go)
Apr 24, 2024
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial...
Low
Unreviewed
CVE-2024-3872
was published
Apr 16, 2024
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled...
Moderate
Unreviewed
CVE-2024-1569
was published
Apr 16, 2024
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in...
Moderate
Unreviewed
CVE-2024-0157
was published
Apr 12, 2024
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions...
Moderate
Unreviewed
CVE-2023-6678
was published
Apr 12, 2024
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6...
Moderate
Unreviewed
CVE-2023-6489
was published
Apr 12, 2024
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
CVE-2024-3651
was published
for
idna
(pip)
Apr 11, 2024
A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when...
High
Unreviewed
CVE-2024-3569
was published
Apr 10, 2024
DHCP Server Service Denial of Service Vulnerability
High
Unreviewed
CVE-2024-26215
was published
Apr 9, 2024
DHCP Server Service Denial of Service Vulnerability
High
Unreviewed
CVE-2024-26212
was published
Apr 9, 2024
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to...
Moderate
Unreviewed
CVE-2024-30218
was published
Apr 9, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate
CVE-2024-28949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
net/http, x/net/http2: close connections when receiving too many headers
Moderate
CVE-2023-45288
was published
for
golang.org/x/net
(Go)
Apr 4, 2024
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to...
Unknown
Unreviewed
CVE-2024-27316
was published
Apr 4, 2024
ProTip!
Advisories are also available from the
GraphQL API