Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

635 advisories

Loading
Memory Exhaustion in Expr Parser with Unrestricted Input High
CVE-2025-29786 was published for github.com/expr-lang/expr (Go) Mar 17, 2025
thevilledev
Credited to thevilledev
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Credited to p-
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software... High Unreviewed
CVE-2025-20209 was published Mar 12, 2025
A vulnerability in the handling of specific packets that are punted from a line card to a route... High Unreviewed
CVE-2025-20141 was published Mar 12, 2025
DoS Vulnerability in TraceContextPropagator.Extract - OpenTelemetry.Api High
GHSA-vc29-vg52-6643 was published for OpenTelemetry.AutoInstrumentation (NuGet) Mar 6, 2025
An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05... High Unreviewed
CVE-2024-46933 was published Feb 20, 2025
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. High Unreviewed
CVE-2025-26819 was published Feb 15, 2025
Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB.... High Unreviewed
CVE-2023-34397 was published Feb 14, 2025
CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could... High Unreviewed
CVE-2025-1059 was published Feb 13, 2025
An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a... High Unreviewed
CVE-2024-56940 was published Feb 13, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is... High Unreviewed
CVE-2025-24312 was published Feb 5, 2025
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to... High Unreviewed
CVE-2024-2878 was published Feb 5, 2025
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it... High Unreviewed
CVE-2024-12705 was published Jan 30, 2025
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the... High Unreviewed
CVE-2024-57519 was published Jan 29, 2025
In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API... High Unreviewed
CVE-2024-56316 was published Jan 28, 2025
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may... High Unreviewed
CVE-2024-55195 was published Jan 24, 2025
Unlimited consumption of resources in @fastify/multipart High
CVE-2025-24033 was published for @fastify/multipart (npm) Jan 23, 2025
lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component... High Unreviewed
CVE-2024-57722 was published Jan 23, 2025
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a... High Unreviewed
CVE-2023-37014 was published Jan 22, 2025
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request`... High Unreviewed
CVE-2023-37022 was published Jan 22, 2025
In multiple locations, there is a possible failure to persist permissions settings due to... High Unreviewed
CVE-2024-49735 was published Jan 22, 2025
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:... High Unreviewed
CVE-2025-21545 was published Jan 21, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2025-21549 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). ... High Unreviewed
CVE-2025-21521 was published Jan 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database