GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,277
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
Denial of service in go-ethereum
High
CVE-2021-42219
was published
for
github.com/ethereum/go-ethereum
(Go)
Mar 18, 2022
Helm Controller denial of service
High
CVE-2022-36049
was published
for
github.com/fluxcd/flux2
(Go)
Sep 16, 2022
Uses of deprecated API can be used to cause DoS in user-facing endpoints
High
CVE-2022-31054
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
Hyperledger Fabric subject to Denial of Service via non-validated request
High
CVE-2022-35253
was published
for
github.com/hyperledger/fabric
(Go)
Sep 25, 2022
Free5gc vulnerable to uncontrolled resource consumption
High
CVE-2022-38871
was published
for
github.com/free5gc/free5gc
(Go)
Nov 19, 2022
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
High
CVE-2020-36562
was published
for
github.com/shiyanhui/dht
(Go)
Dec 28, 2022
usememos/memos Denial of Service vulnerability
High
CVE-2022-4767
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
Denial of Service in Go-Ethereum
High
CVE-2022-23328
was published
for
github.com/ethereum/go-ethereum
(Go)
Mar 5, 2022
golang.org/x/net/http2 allows uncontrolled memory consumption
High
CVE-2021-44716
was published
for
golang.org/x/net/http2
(Go)
Jan 2, 2022
Binary vulnerable to Slice Memory Allocation with Excessive Size Value
High
CVE-2022-36078
was published
for
github.com/gagliardetto/binary
(Go)
Sep 16, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23492
was published
for
github.com/libp2p/go-libp2p
(Go)
Dec 7, 2022
Uncontrolled Resource Consumption in promhttp
High
CVE-2022-21698
was published
for
github.com/prometheus/client_golang
(Go)
Feb 16, 2022
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
High
CVE-2023-23631
was published
for
github.com/ipfs/go-unixfsnode
(Go)
Feb 10, 2023
Tendermint Client package vulnerable to Uncontrolled Resource Consumption
High
CVE-2019-25072
was published
for
github.com/tendermint/tendermint
(Go)
Dec 28, 2022
Stud42 vulnerable to denial of service
High
GHSA-3hwm-922r-47hw
was published
for
atomys.codes/stud42
(Go)
Mar 31, 2023
Traefik HTTP header parsing could cause a denial of service
High
CVE-2023-29013
was published
for
github.com/traefik/traefik/v2
(Go)
Apr 11, 2023
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics
High
CVE-2023-25151
was published
for
go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego
(Go)
Feb 8, 2023
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
High
GHSA-q3j6-22wf-3jh9
was published
for
github.com/ipfs/go-bitswap
(Go)
May 11, 2023
Traefik HTTP/2 connections management could cause a denial of service
High
CVE-2022-39271
was published
for
github.com/traefik/traefik/v2
(Go)
Oct 10, 2022
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
High
CVE-2022-1708
was published
for
github.com/cri-o/cri-o
(Go)
Jun 6, 2022
Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages
High
CVE-2022-25891
was published
for
github.com/containrrr/shoutrrr
(Go)
Jul 16, 2022
MessagePack for Golang subject to DoS via Unmarshal panic
High
CVE-2022-41719
was published
for
github.com/shamaton/msgpack/v2
(Go)
Nov 11, 2022
github.com/tidwall/gjson Vulnerable to REDoS attack
High
CVE-2021-42836
was published
for
github.com/tidwall/gjson
(Go)
Oct 25, 2021
github.com/tidwall/gjson is vulnerable to Denial of service
High
CVE-2020-36066
was published
for
github.com/tidwall/gjson
(Go)
May 18, 2021
Denial of service in GJSON
High
CVE-2020-35380
was published
for
github.com/tidwall/gjson
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API