Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

947 advisories

Loading
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-10624 was published for gradio (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) High
CVE-2024-10188 was published for litellm (pip) Mar 20, 2025
Aim Vulnerable to Denial of Service (DoS) High
CVE-2024-10110 was published for aim (pip) Mar 20, 2025
OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-25132 was published for github.com/openshift/hive (Go) Mar 19, 2025
jsPDF Bypass Regular Expression Denial of Service (ReDoS) High
CVE-2025-29907 was published for jspdf (npm) Mar 18, 2025
PostQuantum-Feldman-VSS'S Dependency Vulnerability in gmpy2 Leading to Interpreter Crash High
GHSA-v432-7f47-9g94 was published for PostQuantum-Feldman-VSS (pip) Mar 17, 2025
DavidOsipov
Credited to DavidOsipov
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Credited to p-
CGI has Denial of Service (DoS) potential in Cookie.parse Moderate
CVE-2025-27219 was published for cgi (RubyGems) Mar 3, 2025
Goroutine Leak in Abacus SSE Implementation High
CVE-2025-27421 was published for github.com/jasonlovesdoggo/abacus (Go) Mar 3, 2025
JasonLovesDoggo
Credited to JasonLovesDoggo
DoS in go-jose Parsing Moderate
CVE-2025-27144 was published for github.com/go-jose/go-jose (Go) Feb 24, 2025
lakeFS allows an authenticated user to cause a crash by exhausting server memory Moderate
CVE-2025-27100 was published for github.com/treeverse/lakefs (Go) Feb 21, 2025
arielshaqed ItamarYuran
Credited to arielshaqed and ItamarYuran
Node Denial of Service via kubelet Checkpoint API Moderate
CVE-2025-0426 was published for k8s.io/kubernetes (Go) Feb 13, 2025
Denial of Service attack on windows app using Netty Moderate
CVE-2025-25193 was published for io.netty:netty-common (Maven) Feb 10, 2025
chrisvest navzen2000
henrikplate JensBoening1337 jfposton
Credited to chrisvest, navzen2000, henrikplate, JensBoening1337, and jfposton
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio nevans
Credited to manunio and nevans
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Apache James vulnerable to denial of service through JMAP HTML to text conversion High
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
RDIL FeBe95
Credited to RDIL and FeBe95
@zag-js/core prototype pollution High
CVE-2024-57079 was published for @zag-js/core (npm) Feb 6, 2025
taraspos
Credited to taraspos
@stryker-mutator/util vulnerable to Prototype Pollution High
CVE-2024-57085 was published for @stryker-mutator/util (npm) Feb 6, 2025
saip-loginsoft saip007
Credited to saip-loginsoft and saip007
Apache Wicket: An attacker can intentionally trigger a memory leak Moderate
CVE-2024-53299 was published for org.apache.wicket:wicket-core (Maven) Jan 23, 2025
raboof
Credited to raboof
Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop Moderate
CVE-2024-10846 was published for github.com/compose-spec/compose-go/v2 (Go) Jan 21, 2025
ahollmann idsulik
thaJeztah glours gbrindisi
Credited to ahollmann, idsulik, thaJeztah, glours, and gbrindisi
Apache CXF: Denial of Service vulnerability with temporary files High
CVE-2025-23184 was published for org.apache.cxf:cxf-core (Maven) Jan 21, 2025
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
Credited to bdilalu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database