GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
Podman vulnerable to memory-based denial of service
High
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 22, 2024
go-grpc-compression has a zstd decompression bombing vulnerability
High
GHSA-87m9-rv8p-rgmg
was published
for
github.com/mostynb/go-grpc-compression
(Go)
Jun 10, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High
CVE-2024-32972
was published
for
github.com/ethereum/go-ethereum
(Go)
May 6, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Denial of service in HashiCorp Consul
High
CVE-2020-25201
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
High
CVE-2020-15114
was published
for
go.etcd.io/etcd
(Go)
Jan 31, 2024
Traefik docker container using 100% CPU
High
CVE-2023-47633
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High
CVE-2023-47025
was published
for
github.com/free5gc/free5gc
(Go)
Nov 17, 2023
Calico Typha denial of service vulnerability
High
CVE-2023-41378
was published
for
github.com/projectcalico/calico
(Go)
Nov 6, 2023
OpenFGA DoS vulnerability
High
CVE-2023-45810
was published
for
github.com/openfga/openfga
(Go)
Oct 18, 2023
go-ethereum vulnerable to denial of service via crafted GraphQL query
High
CVE-2023-42319
was published
for
github.com/ethereum/go-ethereum
(Go)
Oct 18, 2023
HTTP/2 rapid reset can cause excessive work in net/http
High
CVE-2023-39325
was published
for
golang.org/x/net
(Go)
Oct 11, 2023
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
High
GHSA-vx74-f528-fxqg
was published
for
github.com/nghttp2/nghttp2
(Go)
Oct 10, 2023
Go-Ethereum vulnerable to denial of service via malicious p2p message
High
CVE-2023-40591
was published
for
github.com/ethereum/go-ethereum
(Go)
Sep 6, 2023
libp2p nodes vulnerable to OOM attack
High
CVE-2023-40583
was published
for
github.com/libp2p/go-libp2p
(Go)
Aug 24, 2023
goproxy Denial of Service vulnerability
High
CVE-2023-37788
was published
for
github.com/elazarl/goproxy
(Go)
Jul 18, 2023
avro vulnerable to denial of service via attacker-controlled parameter
High
CVE-2023-37475
was published
for
github.com/hamba/avro
(Go)
Jul 17, 2023
mx-chain-go's relayed transactions always increment nonce
High
CVE-2023-34458
was published
for
github.com/multiversx/mx-chain-go
(Go)
Jul 13, 2023
Coraza has potential denial of service vulnerability
High
CVE-2023-40586
was published
for
github.com/corazawaf/coraza/v2
(Go)
Jun 26, 2023
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
High
GHSA-q3j6-22wf-3jh9
was published
for
github.com/ipfs/go-bitswap
(Go)
May 11, 2023
Boxo bitswap/server: DOS unbounded persistent memory leak
High
CVE-2023-25568
was published
for
github.com/ipfs/go-libipfs
(Go)
May 11, 2023
Traefik HTTP header parsing could cause a denial of service
High
CVE-2023-29013
was published
for
github.com/traefik/traefik/v2
(Go)
Apr 11, 2023
ProTip!
Advisories are also available from the
GraphQL API