Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
DOS and excessive memory usage when passing untrusted user input to to dag import Moderate
GHSA-f2gr-7299-487h was published for github.com/ipfs/go-ipfs (Go) Jul 6, 2022
Jorropo avivdolev
Malformed CAR panics and excessive memory usage Moderate
GHSA-9x4h-8wgm-8xfg was published for github.com/ipld/go-car (Go) Jul 6, 2022
Jorropo rvagg
willscott masih BigLep
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics High
CVE-2023-23631 was published for github.com/ipfs/go-unixfsnode (Go) Feb 10, 2023
Jorropo
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak Moderate
GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) May 11, 2023
Jorropo
IPFS go-bitfield vulnerable to DoS via malformed size arguments Moderate
CVE-2023-23626 was published for github.com/ipfs/go-bitfield (Go) Feb 10, 2023
Jorropo
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak High
GHSA-q3j6-22wf-3jh9 was published for github.com/ipfs/go-bitswap (Go) May 11, 2023
Jorropo guseggert
Boxo bitswap/server: DOS unbounded persistent memory leak High
CVE-2023-25568 was published for github.com/ipfs/go-libipfs (Go) May 11, 2023
Jorropo guseggert
Denial of service via HAMT Decoding Panics Moderate
CVE-2023-23625 was published for github.com/ipfs/go-unixfs (Go) Feb 10, 2023
Jorropo
ProTip! Advisories are also available from the GraphQL API