Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Loading
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC High
CVE-2024-36129 was published for go.opentelemetry.io/collector/config/configgrpc (Go) Jun 5, 2024
jpkrohling arminru
mx-psi stamparm
go-codec-dagpb vulnerable to panic when decoding invalid blocks High
CVE-2022-2584 was published for github.com/ipld/go-codec-dagpb (Go) Dec 28, 2022
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service Critical
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
Out of bounds memory access in github.com/open-policy-agent/opa High
CVE-2022-28946 was published for github.com/open-policy-agent/opa (Go) May 20, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2018-17847 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2018-17143 was published for golang.org/x/net (Go) May 13, 2022
ipld/go-codec-dagpb panics when processing certain blocks High
GHSA-g3vv-g2j5-45f2 was published for github.com/ipld/go-codec-dagpb (Go) Apr 8, 2022
ProTip! Advisories are also available from the GraphQL API