Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,245 advisories

Loading
Django memory consumption vulnerability Moderate
CVE-2024-41989 was published for Django (pip) Aug 7, 2024
PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed... High Unreviewed
CVE-2024-30170 was published Aug 6, 2024
Podman vulnerable to memory-based denial of service Moderate
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
A denial-of-service vulnerability could allow an authenticated user to trigger an internal... Low Unreviewed
CVE-2022-4003 was published Jul 31, 2024
An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to... Moderate Unreviewed
CVE-2024-37281 was published Jul 31, 2024
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma... Moderate Unreviewed
CVE-2024-27862 was published Jul 30, 2024
fast-xml-parser vulnerable to ReDOS at currency parsing High
CVE-2024-41818 was published for fast-xml-parser (npm) Jul 29, 2024
Gauss-Security amitguptagwl
An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing... Moderate Unreviewed
CVE-2024-3297 was published Jul 24, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024
jake-ciolek crenshaw-dev
pasha-codefresh
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources Moderate
GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an... High Unreviewed
CVE-2024-5795 was published Jul 17, 2024
REXML denial of service vulnerability Moderate
CVE-2024-39908 was published for rexml (RubyGems) Jul 16, 2024
Fiona affected by CVE-2020-14152 related to madler-zlib High
GHSA-g4m4-9q4c-mfw6 was published for fiona (pip) Jul 16, 2024
A flaw was found in libtiff. This flaw allows an attacker to create a crafted tiff file, forcing... Moderate Unreviewed
CVE-2024-6716 was published Jul 15, 2024
A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function... Moderate Unreviewed
CVE-2023-39329 was published Jul 13, 2024
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a... Moderate Unreviewed
CVE-2023-39327 was published Jul 13, 2024
An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway)... High Unreviewed
CVE-2024-39551 was published Jul 11, 2024
An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks... High Unreviewed
CVE-2024-39548 was published Jul 11, 2024
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the... High Unreviewed
CVE-2024-6036 was published Jul 11, 2024
An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon ... High Unreviewed
CVE-2024-39557 was published Jul 11, 2024
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create... High Unreviewed
CVE-2024-6037 was published Jul 11, 2024
Next.js Denial of Service (DoS) condition High
CVE-2024-39693 was published for next (npm) Jul 10, 2024
speaker vulnerable to Denial of Service High
CVE-2024-21526 was published for speaker (npm) Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API