Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,419
Maven
5,000+
npm
4,055
NuGet
723
pip
3,847
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,186 advisories

Loading
Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors Low
GHSA-vh9x-phq6-fx54 was published for github.com/rs/cors (Go) Aug 6, 2025 withdrawn
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service Moderate
CVE-2025-54869 was published for setasign/fpdi (Composer) Aug 5, 2025
N0zoM1z0
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Moderate Unreviewed
CVE-2025-54939 was published Aug 1, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values Moderate
CVE-2025-48074 was published for OpenEXR (pip) Jul 31, 2025
suidpit ndaprela
TheZ3ro smaury
An unauthenticated remote attacker can cause a Denial of Service by sending a large number of... High Unreviewed
CVE-2025-2813 was published Jul 31, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks Moderate
CVE-2025-54575 was published for SixLabors.ImageSharp (NuGet) Jul 30, 2025
whatevicanhaz
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
dblessing
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6,... Moderate Unreviewed
CVE-2025-43211 was published Jul 30, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Kron Technologies Kron PAM... Moderate Unreviewed
CVE-2025-5253 was published Jul 25, 2025
IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to... Moderate Unreviewed
CVE-2024-38335 was published Jul 22, 2025
Starlette has possible denial-of-service vector when parsing large files in multipart forms Moderate
CVE-2025-54121 was published for starlette (pip) Jul 21, 2025
HonakerM defnull
wai25
In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related... High Unreviewed
CVE-2025-44652 was published Jul 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ... Moderate Unreviewed
CVE-2025-53032 was published Jul 15, 2025
py-libp2p is vulnerable to DoS attacks through use of large RSA keys Moderate
CVE-2025-29606 was published for libp2p (pip) Jul 14, 2025
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout High
CVE-2025-53634 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Successful exploitation of the vulnerability could allow an attacker to consume all available... Moderate Unreviewed
CVE-2025-48462 was published Jun 26, 2025
Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots,... Moderate Unreviewed
CVE-2025-48467 was published Jun 26, 2025
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obp-anssi
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18... Moderate Unreviewed
CVE-2025-3279 was published Jun 26, 2025
A denial-of-service vulnerability due to improper prioritization of network traffic over... High Unreviewed
CVE-2025-2403 was published Jun 24, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to... High Unreviewed
CVE-2025-3221 was published Jun 23, 2025
letmein connection limiter allows an arbitrary amount of simultaneous connections Moderate
CVE-2025-52570 was published for letmeind (Rust) Jun 23, 2025
The Yealink YMCS RPS API before 2025-05-26 lacks rate limiting, potentially enabling information... Moderate Unreviewed
CVE-2025-52917 was published Jun 22, 2025
Withdrawn Advisory: microlight allows a denial of service Low
CVE-2025-45526 was published for microlight (npm) Jun 17, 2025 withdrawn
Qix-
Apache Tomcat - DoS in multipart upload High
CVE-2025-48988 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database