GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Pyopenssl Incorrect Memory Management
High
CVE-2018-1000808
was published
for
pyopenssl
(pip)
Oct 10, 2018
Improper Resource Shutdown or Release in HashiCorp Vault
High
CVE-2020-7220
was published
for
github.com/hashicorp/vault
(Go)
Jul 28, 2021
Improper Resource Shutdown or Release in TYPO3 extension
High
CVE-2021-38623
was published
for
webcoast/deferred-image-processing
(Composer)
Aug 30, 2021
Puma used with Rails may lead to Information Exposure
High
CVE-2022-23634
was published
for
puma
(RubyGems)
Feb 11, 2022
Denial of Service in Packetbeat
High
CVE-2017-11480
was published
for
github.com/elastic/beats
(Go)
Feb 15, 2022
Resource leakage when decoding certificates and keys
High
CVE-2022-1473
was published
for
openssl-src
(Rust)
May 4, 2022
Improper Resource Shutdown or Release in Apache Tomcat
High
CVE-2017-5650
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Improper socket reuse in Apache Tomcat
High
CVE-2022-25762
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Jetty SslConnection does not release pooled ByteBuffers in case of errors
High
CVE-2022-2191
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Jul 7, 2022
Failing DTLS handshakes may cause throttling to block processing of records
High
CVE-2022-39368
was published
for
org.eclipse.californium:scandium
(Maven)
Nov 9, 2022
HuTool vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-4565
was published
for
cn.hutool:hutool-core
(Maven)
Dec 16, 2022
active_attr Improper Resource Shutdown or Release vulnerability
High
CVE-2021-4250
was published
for
active_attr
(RubyGems)
Dec 19, 2022
GoPistolet vulnerable to Improper Resource Shutdown or Release
High
CVE-2015-10085
was published
for
github.com/gopistolet/gopistolet
(Go)
Feb 21, 2023
CoreWCF NetFraming based services can leave connections open when they should be closed
High
CVE-2024-28252
was published
for
CoreWCF.NetFramingBase
(NuGet)
Mar 15, 2024
Traefik vulnerable to denial of service with Content-length header
High
CVE-2024-28869
was published
for
github.com/traefik/traefik
(Go)
Apr 12, 2024
ProTip!
Advisories are also available from the
GraphQL API