GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Traefik vulnerable to denial of service with Content-length header
High
CVE-2024-28869
was published
for
github.com/traefik/traefik
(Go)
Apr 12, 2024
CoreWCF NetFraming based services can leave connections open when they should be closed
High
CVE-2024-28252
was published
for
CoreWCF.NetFramingBase
(NuGet)
Mar 15, 2024
tokio-boring vulnerable to resource exhaustion via memory leak
Moderate
CVE-2023-6180
was published
for
tokio-boring
(Rust)
Dec 5, 2023
Salt vulnerable to denial of service
Moderate
CVE-2023-20897
was published
for
salt
(pip)
Sep 5, 2023
GoPistolet vulnerable to Improper Resource Shutdown or Release
High
CVE-2015-10085
was published
for
github.com/gopistolet/gopistolet
(Go)
Feb 21, 2023
EnumStringValues vulnerable to Uncontrolled Resource Consumption
Low
CVE-2020-36620
was published
for
EnumStringValues
(NuGet)
Dec 21, 2022
active_attr Improper Resource Shutdown or Release vulnerability
High
CVE-2021-4250
was published
for
active_attr
(RubyGems)
Dec 19, 2022
HuTool vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-4565
was published
for
cn.hutool:hutool-core
(Maven)
Dec 16, 2022
Failing DTLS handshakes may cause throttling to block processing of records
High
CVE-2022-39368
was published
for
org.eclipse.californium:scandium
(Maven)
Nov 9, 2022
Jetty SslConnection does not release pooled ByteBuffers in case of errors
High
CVE-2022-2191
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Jul 7, 2022
Improper socket reuse in Apache Tomcat
High
CVE-2022-25762
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Resource Shutdown or Release in Apache Tomcat
High
CVE-2017-5650
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Resource leakage when decoding certificates and keys
High
CVE-2022-1473
was published
for
openssl-src
(Rust)
May 4, 2022
Denial of Service in Packetbeat
High
CVE-2017-11480
was published
for
github.com/elastic/beats
(Go)
Feb 15, 2022
Puma used with Rails may lead to Information Exposure
High
CVE-2022-23634
was published
for
puma
(RubyGems)
Feb 11, 2022
Improper Resource Shutdown or Release in TYPO3 extension
High
CVE-2021-38623
was published
for
webcoast/deferred-image-processing
(Composer)
Aug 30, 2021
Improper Resource Shutdown or Release in HashiCorp Vault
High
CVE-2020-7220
was published
for
github.com/hashicorp/vault
(Go)
Jul 28, 2021
Pyopenssl Incorrect Memory Management
High
CVE-2018-1000808
was published
for
pyopenssl
(pip)
Oct 10, 2018
ProTip!
Advisories are also available from the
GraphQL API