GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,330 advisories
Regular Expression Denial of Service in CairoSVG
High: CVE-2021-21236 was published for CairoSVG (pip) Jan 6, 2021

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends...
High (Unreviewed): CVE-2024-23744 was published Jan 22, 2024

Apprise vulnerable to regex injection with IFTTT Plugin
High: CVE-2021-39229 was published for apprise (pip) Sep 20, 2021

Apache IoTDB subject to ReDOS with Java 8
High: CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022

DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Moderate: GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024

Apache Airflow denial of service vulnerability
High: CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023

Drivers are not always robust to extremely large draw calls and in some cases this scenario could...
High (Unreviewed): CVE-2023-5724 was published Oct 25, 2023

fast-xml-parser vulnerable to ReDOS at currency parsing
High: CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024

An adversary could cause a continuous restart loop to the entire device by sending a large...
High (Unreviewed): CVE-2023-40710 was published Aug 24, 2023

An adversary could crash the entire device by sending a large quantity of ICMP requests if the...
High (Unreviewed): CVE-2023-40709 was published Aug 24, 2023

An inconsistent user interface issue was addressed with improved state management. This issue is...
Moderate (Unreviewed): CVE-2023-40408 was published Oct 25, 2023

DHCP Server Service Denial of Service Vulnerability
High (Unreviewed): CVE-2024-38236 was published Sep 10, 2024

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected...
Moderate (Unreviewed): CVE-2017-2681 was published May 13, 2022

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of...
Moderate (Unreviewed): CVE-2017-2680 was published May 13, 2022

A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8)...
Moderate (Unreviewed): CVE-2019-10923 was published May 24, 2022

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All...
High (Unreviewed): CVE-2024-43647 was published Sep 10, 2024

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate: CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024

An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via...
High (Unreviewed): CVE-2023-45956 was published Oct 31, 2023

Undertow's url-encoded request path information can be broken on ajp-listener
High: CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024

Bouncy Castle Denial of Service (DoS)
Moderate: CVE-2023-33202 was published for org.bouncycastle:bcpkix-jdk18on (Maven) Nov 23, 2023

OCI image importer memory exhaustion in github.com/containerd/containerd
Moderate: CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023

In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource...
High (Unreviewed): CVE-2023-21339 was published Oct 30, 2023

regular expression denial-of-service (ReDoS) in Bleach
High: CVE-2020-6817 was published for bleach (pip) Mar 30, 2020

nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial...
Unknown (Unreviewed): CVE-2024-28214 was published Mar 7, 2024