GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
62 advisories
Memory leaks in code encrypting and verifying RSA payloads
High: CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024

go-ethereum vulnerable to denial of service via crafted GraphQL query
High: CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023

go-ethereum vulnerable to DoS via malicious p2p message
High: CVE-2024-32972 was published for github.com/ethereum/go-ethereum (Go) May 6, 2024

Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High: CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) Jul 22, 2024

go-grpc-compression has a zstd decompression bombing vulnerability
High: GHSA-87m9-rv8p-rgmg was published for github.com/mostynb/go-grpc-compression (Go) Jun 10, 2024

golang.org/x/net vulnerable to Uncontrolled Resource Consumption
High: CVE-2022-41723 was published for golang.org/x/net (Go) Feb 17, 2023

golang.org/x/net/http vulnerable to a reset flood
High: CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022

golang.org/x/net/http vulnerable to ping floods
High: CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022

miekg/dns parsing error leads to nil pointer dereference and DoS
High: CVE-2018-17419 was published for github.com/miekg/dns (Go) May 18, 2021

Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High: CVE-2024-34084 was published for github.com/stacklok/minder (Go) May 7, 2024

HTTP/2 rapid reset can cause excessive work in net/http
High: CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023

Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
High: CVE-2017-7670 was published for github.com/apache/trafficcontrol (Go) May 13, 2022

QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High: CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024

Denial of Service in http-swagger
High: CVE-2022-24863 was published for github.com/swaggo/http-swagger (Go) Apr 22, 2022

Denial of service in HashiCorp Consul
High: CVE-2020-25201 was published for github.com/hashicorp/consul (Go) Jan 31, 2024

Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
High: CVE-2020-15114 was published for go.etcd.io/etcd (Go) Jan 31, 2024

Denial of Service in miekg-dns
High: CVE-2017-15133 was published for github.com/miekg/dns (Go) Jun 29, 2021

Traefik docker container using 100% CPU
High: CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023

Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High: CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) Nov 17, 2023

Go-Ethereum vulnerable to denial of service via malicious p2p message
High: CVE-2023-40591 was published for github.com/ethereum/go-ethereum (Go) Sep 6, 2023

Calico Typha denial of service vulnerability
High: CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023

OpenFGA DoS vulnerability
High: CVE-2023-45810 was published for github.com/openfga/openfga (Go) Oct 18, 2023

goproxy Denial of Service vulnerability
High: CVE-2023-37788 was published for github.com/elazarl/goproxy (Go) Jul 18, 2023

Coraza has potential denial of service vulnerability
High: CVE-2023-40586 was published for github.com/corazawaf/coraza/v2 (Go) Jun 26, 2023

avro vulnerable to denial of service via attacker-controlled parameter
High: CVE-2023-37475 was published for github.com/hamba/avro (Go) Jul 17, 2023