GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Pyopenssl Incorrect Memory Management
High
CVE-2018-1000808
was published
for
pyopenssl
(pip)
Oct 10, 2018
Missing Release of Memory after Effective Lifetime in Apache Tika
Moderate
CVE-2020-9489
was published
for
org.apache.tika:tika
(Maven)
May 7, 2021
Missing release of memory in sized-chunks
High
CVE-2020-25795
was published
for
sized-chunks
(Rust)
Aug 25, 2021
Missing release of memory in sized-chunks
High
CVE-2020-25794
was published
for
sized-chunks
(Rust)
Aug 25, 2021
crossbeam-channel Undefined Behavior before v0.4.4
High
CVE-2020-15254
was published
for
crossbeam-channel
(Rust)
Aug 25, 2021
Missing Release of Memory after Effective Lifetime in detect-character-encoding
High
CVE-2021-39176
was published
for
detect-character-encoding
(npm)
Sep 1, 2021
Memory leak in decoding PNG images
Moderate
CVE-2022-23585
was published
for
tensorflow
(pip)
Feb 9, 2022
Wildfly-OpenSSL memory leak flaw
High
CVE-2020-25644
was published
for
org.wildfly.openssl:wildfly-openssl-natives-parent
(Maven)
May 24, 2022
Uncontrolled Resource Consumption in WildFly
Moderate
CVE-2020-25689
was published
for
org.wildfly:wildfly-dist
(Maven)
May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin
High
CVE-2020-2322
was published
for
io.jenkins.plugins:chaos-monkey
(Maven)
May 24, 2022
Wildfly has a memory leak vulnerability
Moderate
CVE-2020-27822
was published
for
org.wildfly:wildfly-parent
(Maven)
May 24, 2022
NFStream Local Denial of Service (DoS)
Moderate
CVE-2020-25340
was published
for
nfstream
(pip)
May 24, 2022
Undertow vulnerable to memory exhaustion due to buffer leak
High
CVE-2021-3690
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
containerd CRI stream server vulnerable to host memory exhaustion via terminal
Moderate
CVE-2022-23471
was published
for
github.com/containerd/containerd
(Go)
Dec 7, 2022
CometBFT PeerState JSON serialization deadlock
Moderate
CVE-2023-34450
was published
for
github.com/cometbft/cometbft
(Go)
Jul 5, 2023
CometBFT may duplicate transactions in the mempool's data structures
High
CVE-2023-34451
was published
for
github.com/cometbft/cometbft
(Go)
Jul 5, 2023
MsQuic Remote Denial of Service Vulnerability
High
CVE-2023-36435
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Oct 10, 2023
memory leak flaw was found in ruby-magick
Moderate
CVE-2023-5349
was published
for
rmagick
(RubyGems)
Oct 30, 2023
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
High
CVE-2023-5954
was published
for
github.com/hashicorp/vault
(Go)
Nov 9, 2023
tokio-boring vulnerable to resource exhaustion via memory leak
Moderate
CVE-2023-6180
was published
for
tokio-boring
(Rust)
Dec 5, 2023
OpenFGA denial of service
Moderate
CVE-2024-23820
was published
for
github.com/openfga/openfga
(Go)
Jan 26, 2024
fetch(url) leads to a memory leak in undici
Moderate
CVE-2024-24750
was published
for
undici
(npm)
Feb 16, 2024
Remote Denial of Service Vulnerability in Microsoft QUIC
High
GHSA-2x7m-gf85-3745
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Mar 13, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
ProTip!
Advisories are also available from the
GraphQL API