Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,316 advisories

Loading
Bouncy Castle for Java on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8885 was published for org.bouncycastle:bc-fips (Maven) Aug 12, 2025
xnox
Credited to xnox
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking High
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Zwuiix-cmd dktapps
Credited to Zwuiix-cmd and dktapps
CRI-O has Potential High Memory Consumption from File Read Moderate
CVE-2025-4437 was published for github.com/cri-o/cri-o (Go) Aug 20, 2025
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives Moderate
CVE-2025-58058 was published for github.com/ulikunitz/xz (Go) Aug 28, 2025
HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads High
CVE-2025-6203 was published for github.com/hashicorp/vault (Go) Aug 28, 2025
Rancher affected by unauthenticated Denial of Service High
CVE-2024-58259 was published for github.com/rancher/rancher (Go) Aug 29, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2... Moderate Unreviewed
CVE-2025-4225 was published Aug 27, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2... Moderate Unreviewed
CVE-2025-3601 was published Aug 27, 2025
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Moderate Unreviewed
CVE-2025-54939 was published Aug 1, 2025
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
Credited to bdilalu
Liferay Portal users can upload an unlimited amount of files Moderate
CVE-2025-43762 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Aug 22, 2025
Liferay Portal's Unlimited File Upload Could Result in DoS Moderate
CVE-2025-43752 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an... Moderate Unreviewed
CVE-2024-5209 was published Aug 16, 2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an... Moderate Unreviewed
CVE-2024-6004 was published Aug 16, 2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an... Moderate Unreviewed
CVE-2024-5210 was published Aug 16, 2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an... Moderate Unreviewed
CVE-2024-4781 was published Aug 16, 2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an... Moderate Unreviewed
CVE-2024-4782 was published Aug 16, 2024
IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial... High Unreviewed
CVE-2025-3632 was published May 12, 2025
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled... Moderate Unreviewed
CVE-2025-4605 was published Jun 11, 2025
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker... High Unreviewed
CVE-2021-21000 was published May 24, 2022
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout High
CVE-2025-53634 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion Moderate
CVE-2025-55199 was published for helm.sh/helm/v3 (Go) Aug 14, 2025
jake-ciolek
Credited to jake-ciolek
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
jakiki6 stefan6419846
Credited to jakiki6 and stefan6419846
An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1... Moderate Unreviewed
CVE-2025-1477 was published Aug 13, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1... Moderate Unreviewed
CVE-2025-2614 was published Aug 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database