GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,316 advisories
Tornado vulnerable to excessive logging caused by malformed multipart form data
High | CVE-2025-47287 was published for tornado (pip) | May 16, 2025

image-size Denial of Service via Infinite Loop during Image Processing
High | GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) | Apr 2, 2025

io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage
Moderate | CVE-2025-32952 was published for io.jmix.localfs:jmix-localfs (Maven) | Apr 22, 2025

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11,...
Moderate | Unreviewed | CVE-2025-48738 was published | May 23, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17...
Moderate | Unreviewed | CVE-2024-7803 was published | May 23, 2025

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information...
Moderate | Unreviewed | CVE-2021-28715 was published | Jan 7, 2022

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before...
High | Unreviewed | CVE-2025-0993 was published | May 22, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17...
Moderate | Unreviewed | CVE-2025-3111 was published | May 22, 2025

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before...
Moderate | Unreviewed | CVE-2025-2853 was published | May 22, 2025

Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt
High | GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) | May 15, 2025

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track...
High | Unreviewed | CVE-2025-4416 was published | May 21, 2025

Django has a potential denial-of-service vulnerability in IPv6 validation
Moderate | CVE-2024-56374 was published for Django (pip) | Jan 14, 2025

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows...
Moderate | Unreviewed | CVE-2025-29954 was published | May 13, 2025

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker...
Moderate | Unreviewed | CVE-2025-29957 was published | May 13, 2025

Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized...
High | Unreviewed | CVE-2025-26677 was published | May 13, 2025

Mattermost fails to limit the size of a request path
Low | CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) | Apr 26, 2024

Mattermost fails to limit the number of active sessions
Moderate | CVE-2024-4183 was published for github.com/mattermost/mattermost-server (Go) | Apr 26, 2024

In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error...
Moderate | Unreviewed | CVE-2021-47374 was published | May 21, 2024

ring has some AES functions that may panic when overflow checking is enabled in
Moderate | CVE-2025-4432 was published for ring (Rust) | May 9, 2025

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to...
Moderate | Unreviewed | CVE-2024-8973 was published | May 9, 2025

Django has a denial-of-service possibility in strip_tags()
Moderate | CVE-2025-32873 was published for Django (pip) | May 8, 2025

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses...
High | Unreviewed | CVE-2025-36504 was published | May 8, 2025

Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin
High | CVE-2025-32777 was published for volcano.sh/volcano (Go) | Apr 30, 2025

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to...
Moderate | Unreviewed | CVE-2022-42315 was published | Nov 1, 2022

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to...
Moderate | Unreviewed | CVE-2022-42312 was published | Nov 1, 2022