GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,316 advisories
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability
Moderate • CVE-2025-43736 was published for com.liferay.portal:release.dxp.bom (Maven) • Aug 12, 2025
Allocation of resources without limits or throttling in Windows DirectX allows an authorized...
Moderate • Unreviewed • CVE-2025-50172 was published • Aug 12, 2025
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801,...
High • Unreviewed • CVE-2023-39269 was published • Aug 8, 2023
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC...
Low • Unreviewed • CVE-2025-40570 was published • Aug 12, 2025
In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related...
High • Unreviewed • CVE-2025-44652 was published • Jul 21, 2025
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate • CVE-2025-47908 was published for github.com/rs/cors (Go) • Jul 5, 2024
Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors
Low • GHSA-vh9x-phq6-fx54 was published for github.com/rs/cors (Go) • Aug 6, 2025 • withdrawn
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service
Moderate • CVE-2025-54869 was published for setasign/fpdi (Composer) • Aug 5, 2025
Crash due to uncontrolled recursion in protobuf crate
Moderate • CVE-2025-53605 was published for protobuf (Rust) • Mar 7, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values
Moderate • CVE-2025-48074 was published for OpenEXR (pip) • Jul 31, 2025
An unauthenticated remote attacker can cause a Denial of Service by sending a large number of...
High • Unreviewed • CVE-2025-2813 was published • Jul 31, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
Moderate • CVE-2025-54575 was published for SixLabors.ImageSharp (NuGet) • Jul 30, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Kron Technologies Kron PAM...
Moderate • Unreviewed • CVE-2025-5253 was published • Jul 25, 2025
IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to...
Moderate • Unreviewed • CVE-2024-38335 was published • Jul 22, 2025
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Moderate • CVE-2025-54121 was published for starlette (pip) • Jul 21, 2025
Apache James vulnerable to denial of service through the use of IMAP literals
High • CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) • Feb 6, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ...
Moderate • Unreviewed • CVE-2025-53032 was published • Jul 15, 2025
py-libp2p is vulnerable to DoS attacks through use of large RSA keys
Moderate • CVE-2025-29606 was published for libp2p (pip) • Jul 14, 2025
Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate
Moderate • CVE-2021-33320 was published for com.liferay.portal:release.dxp.bom (Maven) • May 24, 2022
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the...
Moderate • Unreviewed • CVE-2018-6869 was published • May 13, 2022
The Yealink YMCS RPS API before 2025-05-26 lacks rate limiting, potentially enabling information...
Moderate • Unreviewed • CVE-2025-52917 was published • Jun 22, 2025
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks
Low • CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) • Jun 26, 2025
letmein connection limiter allows an arbitrary amount of simultaneous connections
Moderate • CVE-2025-52570 was published for letmeind (Rust) • Jun 23, 2025
A denial-of-service vulnerability due to improper prioritization of network traffic over...
High • Unreviewed • CVE-2025-2403 was published • Jun 24, 2025
ProTip! Advisories are also available from the GraphQL API