GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Moderate
CVE-2024-24752
was published
for
bref/bref
(Composer)
Feb 1, 2024
phpseclib does not properly limit the ASN1 OID length
High
CVE-2024-27355
was published
for
phpseclib/phpseclib
(Composer)
Mar 2, 2024
phpseclib a large prime can cause a denial of service
High
CVE-2024-27354
was published
for
phpseclib/phpseclib
(Composer)
Mar 2, 2024
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Moderate
GHSA-pmxp-7224-h794
was published
for
typo3/cms
(Composer)
Jun 4, 2024
SilverStripe framework XML Quadratic Blowup Attack
Moderate
GHSA-g43w-98wp-m694
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
High
CVE-2019-12473
was published
for
mediawiki/core
(Composer)
May 24, 2022
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate
CVE-2024-34358
was published
for
typo3/cms-core
(Composer)
May 14, 2024
phpMyAdmin Denial Of Service (DOS) attack
High
CVE-2016-5706
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Moodle denial-of-service risk in the draft files area
High
CVE-2021-32476
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Moodle Client side denial of service via personal message
Moderate
CVE-2021-20185
was published
for
moodle/moodle
(Composer)
May 24, 2022
FriendsOfSymfony FOSUserBundle denial of service via login form
Moderate
CVE-2013-5750
was published
for
friendsofsymfony/user-bundle
(Composer)
May 17, 2022
Moodle Denial of Service
High
CVE-2020-25630
was published
for
moodle/moodle
(Composer)
May 24, 2022
Slow String Operations via MultiPart Requests in Event-Driven Functions
Moderate
CVE-2024-29186
was published
for
bref/bref
(Composer)
Mar 22, 2024
Uncontrolled Resource Consumption in moodle
High
CVE-2024-25978
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
PHP OpenID Library Denial of Service vulnerability
High
CVE-2013-4701
was published
for
openid/php-openid
(Composer)
May 17, 2022
DOMPDF denial of service vulnerability
Moderate
CVE-2014-5012
was published
for
dompdf/dompdf
(Composer)
May 17, 2022
phpseclib vulnerable to denial of service
High
CVE-2023-49316
was published
for
phpseclib/phpseclib
(Composer)
Nov 27, 2023
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Moderate
GHSA-w98g-5fmx-wm4x
was published
for
pocketmine/raklib
(Composer)
Nov 15, 2023
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
Moderate
CVE-2023-26044
was published
for
react/http
(Composer)
May 17, 2023
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
High
CVE-2023-40180
was published
for
silverstripe/graphql
(Composer)
Oct 17, 2023
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Moderate
GHSA-42qm-8v8m-m78c
was published
for
pocketmine/pocketmine-mp
(Composer)
Jun 1, 2023
Moodle vulnerable to Uncontrolled Resource Consumption
High
CVE-2021-36395
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Denial of Service via Cache Flooding
Low
GHSA-p68v-frgx-4rjp
was published
for
shopware/core
(Composer)
Oct 19, 2020
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
ProTip!
Advisories are also available from the
GraphQL API