Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,311 advisories

Loading
JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. Moderate Unreviewed
CVE-2025-27795 was published Mar 7, 2025
Some AES functions may panic when overflow checking is enabled in ring Moderate
GHSA-4p46-pwfr-66x6 was published for ring (Rust) Mar 7, 2025
Crash due to uncontrolled recursion in protobuf crate Moderate
CVE-2025-53605 was published for protobuf (Rust) Mar 7, 2025
morningstarxcdcode
Credited to morningstarxcdcode
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode() Moderate
GHSA-g274-c6jj-h78p was published for pocketmine/pocketmine-mp (Composer) Mar 10, 2025
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message... Moderate Unreviewed
CVE-2025-27911 was published Mar 11, 2025
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting... Moderate Unreviewed
CVE-2024-58089 was published Mar 12, 2025
In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix... Moderate Unreviewed
CVE-2025-21866 was published Mar 12, 2025
A vulnerability in the handling of specific packets that are punted from a line card to a route... High Unreviewed
CVE-2025-20141 was published Mar 12, 2025
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software... High Unreviewed
CVE-2025-20209 was published Mar 12, 2025
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Credited to p-
An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8... Moderate Unreviewed
CVE-2024-13054 was published Mar 13, 2025
An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17... Moderate Unreviewed
CVE-2025-1257 was published Mar 13, 2025
Memory Exhaustion in Expr Parser with Unrestricted Input High
CVE-2025-29786 was published for github.com/expr-lang/expr (Go) Mar 17, 2025
thevilledev
Credited to thevilledev
jsPDF Bypass Regular Expression Denial of Service (ReDoS) High
CVE-2025-29907 was published for jspdf (npm) Mar 18, 2025
vLLM denial of service via outlines unbounded cache on disk Moderate
CVE-2025-29770 was published for vllm (pip) Mar 19, 2025
russellb
Credited to russellb
Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The... High Unreviewed
CVE-2024-10051 was published Mar 20, 2025
A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS)... High Unreviewed
CVE-2024-10225 was published Mar 20, 2025
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version... High Unreviewed
CVE-2024-10650 was published Mar 20, 2025
A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of... High Unreviewed
CVE-2024-10714 was published Mar 20, 2025
HyperLPR Denial of Service vulnerability High
CVE-2024-10713 was published for hyperlpr3 (pip) Mar 20, 2025
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server... High Unreviewed
CVE-2024-10935 was published Mar 20, 2025
In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability... High Unreviewed
CVE-2024-11171 was published Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2024-12778 was published for aim (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database