GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,743
Erlang: 35
GitHub Actions: 29
Go: 2,315
Maven: 5,000+
npm: 3,949
NuGet: 711
pip: 3,729
Pub: 12
RubyGems: 920
Rust: 965
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
1,141 advisories
Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes
Moderate. CVE-2020-8551 was published for k8s.io/kubernetes (Go), Feb 15, 2022.

Kubernetes API Server DoS Via API Requests
Moderate. CVE-2020-8552 was published for k8s.io/apiserver (Go), Feb 15, 2022.

Memory exhaustion in Tensorflow
Moderate. CVE-2022-21732 was published for tensorflow (pip), Feb 10, 2022.

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that...
High, Unreviewed. CVE-2021-41840 was published Feb 10, 2022.

An authenticated user without any specific authorizations may be able to repeatedly invoke the...
High, Unreviewed. CVE-2021-32036 was published Feb 10, 2022.

Allocation of Resources Without Limits or Throttling in Keycloak
High. CVE-2020-10758 was published for org.keycloak:keycloak-parent (Maven), Feb 9, 2022.

Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
High. CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven), Feb 6, 2022.

Allocation of Resources Without Limits or Throttling in iText
Moderate. CVE-2022-24196 was published for com.itextpdf:itext7-core (Maven), Feb 2, 2022.

An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can...
Moderate, Unreviewed. CVE-2021-28096 was published Jan 28, 2022.

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely...
High, Unreviewed. CVE-2021-39293 was published Jan 25, 2022.

android-gif-drawable vulnerable to denial of service due to unrestricted comment length
High. CVE-2022-23435 was published for pl.droidsonroids.gif:android-gif-drawable (Maven), Jan 20, 2022.

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible...
Moderate, Unreviewed. CVE-2020-9059 was published Jan 11, 2022.

Allocation of Resources Without Limits or Throttling in Apache Avro
High. CVE-2021-43045 was published for Apache.Avro (NuGet), Jan 8, 2022.

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check...
Moderate, Unreviewed. CVE-2021-44591 was published Jan 7, 2022.

Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information...
Moderate, Unreviewed. CVE-2021-28715 was published Jan 7, 2022.

Allocation of Resources Without Limits or Throttling in ckb
High. CVE-2021-45699 was published for ckb (Rust), Jan 6, 2022.

ReDOS in Vfsjfilechooser2
High. CVE-2021-29061 was published for com.github.fracpete:vfsjfilechooser2 (Maven), Jan 6, 2022.

There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this...
High, Unreviewed. CVE-2021-37111 was published Jan 4, 2022.

A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older...
High, Unreviewed. CVE-2021-38244 was published Dec 17, 2021.

Denial of Service (DoS) in Jackson Dataformat CBOR
High. CVE-2020-28491 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-cbor (Maven), Dec 9, 2021.

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular...
High, Unreviewed. CVE-2021-44686 was published Dec 8, 2021.

The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the...
Moderate, Unreviewed. CVE-2021-31787 was published Dec 1, 2021.

ProTip! Advisories are also available from the GraphQL API.