Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,312 advisories

Loading
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers High
CVE-2025-48976 was published for commons-fileupload:commons-fileupload (Maven) Jun 16, 2025
ryanmurf
Credited to ryanmurf
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate
CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024
HRsGIT levpachmanov
Credited to HRsGIT and levpachmanov
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks Low
CVE-2024-6762 was published for org.eclipse.jetty:jetty-servlets (Maven) Oct 14, 2024
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
Credited to naitoh
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
angular vulnerable to regular expression denial of service (ReDoS) Moderate
CVE-2022-25844 was published for angular (npm) May 3, 2022
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
Yuuki77 dblessing
Credited to Yuuki77 and dblessing
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix... Moderate Unreviewed
CVE-2025-37805 was published May 8, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-1000 was published May 5, 2025
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An... Moderate Unreviewed
CVE-2024-45700 was published Apr 2, 2025
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control... Moderate Unreviewed
CVE-2025-54500 was published Aug 13, 2025
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of... Moderate Unreviewed
CVE-2025-36047 was published Aug 14, 2025
Apache Tomcat - DoS in multipart upload High
CVE-2025-48988 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-0915 was published May 5, 2025
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit... Moderate Unreviewed
CVE-2025-21690 was published Feb 10, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ... Moderate Unreviewed
CVE-2025-30688 was published Apr 15, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3,... Moderate Unreviewed
CVE-2025-24158 was published Jan 28, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma... Critical Unreviewed
CVE-2025-24163 was published Jan 28, 2025
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4,... Moderate Unreviewed
CVE-2025-24086 was published Jan 28, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ... Moderate Unreviewed
CVE-2025-21518 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services... Moderate Unreviewed
CVE-2025-21505 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed
CVE-2025-21503 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported... Moderate Unreviewed
CVE-2025-21522 was published Jan 21, 2025
In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix... Moderate Unreviewed
CVE-2025-21866 was published Mar 12, 2025
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Credited to p-
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database