GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
146 advisories
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Moderate severity: CVE-2024-47003 was published for github.com/mattermost/mattermost/server/v8 (Go) on Sep 26, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate severity: GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) on Aug 27, 2024
Mattermost Plugin Channel Export excessive resource consumption
Moderate severity: CVE-2024-43105 was published for github.com/mattermost/mattermost-plugin-channel-export (Go) on Aug 23, 2024
CosmWasm wasmd has large address count in ValidateBasic
Low severity: GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) on Aug 8, 2024
Podman vulnerable to memory-based denial of service
Moderate severity: CVE-2024-3056 was published for github.com/containers/podman (Go) on Aug 2, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High severity: CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) on Jul 22, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate severity: CVE-2024-37904 was published for github.com/stacklok/minder (Go) on Jun 18, 2024
gqlparser denial of service vulnerability via the parserDirectives function
Moderate severity: CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) on Jun 12, 2024
go-grpc-compression has a zstd decompression bombing vulnerability
High severity: GHSA-87m9-rv8p-rgmg was published for github.com/mostynb/go-grpc-compression (Go) on Jun 10, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate severity: CVE-2024-35194 was published for github.com/stacklok/minder (Go) on May 20, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint
Moderate severity: CVE-2024-35185 was published for github.com/stacklok/minder (Go) on May 16, 2024
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Low severity: CVE-2024-34079 was published for github.com/octo-sts/app (Go) on May 13, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High severity: CVE-2024-34084 was published for github.com/stacklok/minder (Go) on May 7, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High severity: CVE-2024-32972 was published for github.com/ethereum/go-ethereum (Go) on May 6, 2024
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Moderate severity: CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) on Apr 26, 2024
Mattermost fails to limit the size of a request path
Low severity: CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) on Apr 26, 2024
Mattermost fails to limit the number of active sessions
Moderate severity: CVE-2024-4183 was published for github.com/mattermost/mattermost-server (Go) on Apr 26, 2024
Denial of service in Kubernetes
Moderate severity: CVE-2020-8557 was published for k8s.io/kubernetes/pkg/kubelet (Go) on Apr 24, 2024
Mattermost Server doesn't limit the number of user preferences
Moderate severity: CVE-2024-28949 was published for github.com/mattermost/mattermost/server/v8 (Go) on Apr 5, 2024
net/http, x/net/http2: close connections when receiving too many headers
Moderate severity: CVE-2023-45288 was published for golang.org/x/net (Go) on Apr 4, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High severity: CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) on Apr 2, 2024
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Moderate severity: CVE-2024-29893 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 29, 2024
Memory leaks in code encrypting and verifying RSA payloads
High severity: CVE-2024-1394 was published for github.com/golang-fips/go (Go) on Mar 20, 2024
JWX vulnerable to a denial of service attack using compressed JWE message
Moderate severity: CVE-2024-28122 was published for github.com/lestrrat-go/jwx (Go) on Mar 8, 2024
Mattermost fails to limit the number of role names
Moderate severity: CVE-2024-1953 was published for github.com/mattermost/mattermost/server/v8 (Go) on Feb 29, 2024