Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,061
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,315 advisories

Loading
Finance.js vulnerable to DoS via the IRR function’s depth parameter High
CVE-2025-56571 was published for financejs (npm) Sep 30, 2025
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by... Moderate Unreviewed
CVE-2025-36099 was published Sep 29, 2025
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10... High Unreviewed
CVE-2025-8014 was published Sep 27, 2025
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7,... Moderate Unreviewed
CVE-2025-11042 was published Sep 26, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3... Low Unreviewed
CVE-2025-10867 was published Sep 26, 2025
An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3,... High Unreviewed
CVE-2025-10858 was published Sep 26, 2025
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters High
CVE-2025-59830 was published for rack (RubyGems) Sep 25, 2025
kwkr jeremyevans
ioquatix
Credited to kwkr, jeremyevans, and ioquatix
Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2025-8396 was published for go.temporal.io/server (Go) Sep 15, 2025
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a... High Unreviewed
CVE-2025-59375 was published Sep 15, 2025
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00... Moderate Unreviewed
CVE-2025-36035 was published Sep 14, 2025
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 mwlik
Credited to imenyoo2 and mwlik
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2... Moderate Unreviewed
CVE-2025-1250 was published Sep 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2... Moderate Unreviewed
CVE-2025-7337 was published Sep 12, 2025
Axios is vulnerable to DoS attack through lack of data size check High
CVE-2025-58754 was published for axios (npm) Sep 11, 2025
AmeerAssadi FeBe95
Credited to AmeerAssadi and FeBe95
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote... Moderate Unreviewed
CVE-2024-45669 was published Sep 10, 2025
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments Moderate
CVE-2025-57816 was published for ethyca-fides (pip) Sep 8, 2025
daveqnet eastandwestwind
erosselli
Credited to daveqnet, eastandwestwind, and erosselli
xgrammar vulnerable to denial of service by huge enum grammar Moderate
CVE-2025-58446 was published for xgrammar (pip) Sep 5, 2025
xendo
Credited to xendo
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service ... High Unreviewed
CVE-2014-125127 was published Sep 3, 2025
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking High
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Zwuiix-cmd dktapps
Credited to Zwuiix-cmd and dktapps
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
fawind
Credited to fawind
An allocation of resources without limits or throttling vulnerability has been reported to affect... High Unreviewed
CVE-2025-30261 was published Aug 29, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... High Unreviewed
CVE-2025-30260 was published Aug 29, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... High Unreviewed
CVE-2025-29890 was published Aug 29, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... High Unreviewed
CVE-2025-29899 was published Aug 29, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... High Unreviewed
CVE-2025-29900 was published Aug 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database