Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,311 advisories

Loading
Django has a denial-of-service possibility in strip_tags() Moderate
CVE-2025-32873 was published for Django (pip) May 8, 2025
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses... High Unreviewed
CVE-2025-36504 was published May 8, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-0915 was published May 5, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-1000 was published May 5, 2025
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
Credited to GamrayW, HyouKash, and AdrienIT
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin High
CVE-2025-32777 was published for volcano.sh/volcano (Go) Apr 30, 2025
kevin-wangzefeng Monokaix
AdamKorcz
Credited to kevin-wangzefeng, Monokaix, and AdamKorcz
A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged)... Moderate Unreviewed
CVE-2025-24341 was published Apr 30, 2025
Data exposure via ZeroMQ on multi-node vLLM deployment High
CVE-2025-30202 was published for vllm (pip) Apr 29, 2025
russellb kexinoh
Credited to russellb and kexinoh
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Masamuneee nevans
Credited to Masamuneee and nevans
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a... Moderate Unreviewed
CVE-2025-46687 was published Apr 27, 2025
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-733v-p3h5-qpq7 was published for @escape.tech/graphql-armor-cost-limit (npm) Apr 25, 2025
M0ngi EvertEt
Credited to M0ngi and EvertEt
Denial of service due to allocation of resources without limits. The following products are... Moderate Unreviewed
CVE-2025-30409 was published Apr 24, 2025
An issue has been discovered affecting service availability via issue preview in GitLab CE/EE... Moderate Unreviewed
CVE-2025-0639 was published Apr 24, 2025
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions Moderate
CVE-2025-35965 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
Cuba has a DoS in the File Storage Moderate
CVE-2025-32959 was published for com.haulmont.cuba:cuba-core (Maven) Apr 22, 2025
io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage Moderate
CVE-2025-32952 was published for io.jmix.localfs:jmix-localfs (Maven) Apr 22, 2025
AnonySE26
Credited to AnonySE26
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy... Moderate Unreviewed
CVE-2025-3734 was published Apr 16, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ... Moderate Unreviewed
CVE-2025-30688 was published Apr 15, 2025
vLLM vulnerable to Denial of Service by abusing xgrammar cache Moderate
GHSA-hf3c-wxg2-49q9 was published for vllm (pip) Apr 15, 2025
russellb
Credited to russellb
golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange High
CVE-2025-22869 was published for golang.org/x/crypto (Go) Apr 12, 2025
SurrealDB no JavaScript script function default timeout could facilitate DoS Low
GHSA-3824-qmfq-2qv7 was published for surrealdb (Rust) Apr 11, 2025
cure53
Credited to cure53
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial... Moderate Unreviewed
CVE-2024-51461 was published Apr 11, 2025
A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables... Moderate Unreviewed
CVE-2025-0122 was published Apr 11, 2025
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7,... Moderate Unreviewed
CVE-2025-1677 was published Apr 10, 2025
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination Moderate
CVE-2025-32386 was published for helm.sh/helm/v3 (Go) Apr 10, 2025
jake-ciolek
Credited to jake-ciolek
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database