GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
649 advisories
Servify-express rate limit issue | High | CVE-2025-67731 was published for servify-express (npm) | Dec 11, 2025
Undertow MadeYouReset HTTP/2 DDoS Vulnerability | High | CVE-2025-9784 was published for io.undertow:undertow-core (Maven) | Sep 2, 2025
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis | High | CVE-2025-66473 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) | Dec 10, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6,... | High, Unreviewed | CVE-2025-12562 was published | Dec 11, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5,... | High, Unreviewed | CVE-2025-12571 was published | Nov 26, 2025
A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface... | High, Unreviewed | CVE-2025-9368 was published | Dec 9, 2025
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence... | High, Unreviewed | CVE-2025-48615 was published | Dec 8, 2025
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service... | High, Unreviewed | CVE-2025-48631 was published | Dec 8, 2025
urllib3 allows an unbounded number of links in the decompression chain | High | CVE-2025-66418 was published for urllib3 (pip) | Dec 5, 2025
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity... | High, Unreviewed | CVE-2025-12385 was published | Dec 3, 2025
Babylon's malformed vote extensions are not rejected | High | GHSA-2fcv-qww3-9v6h was published for github.com/babylonlabs-io/babylon/v4 (Go) | Nov 24, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6... | High, Unreviewed | CVE-2025-11243 was published | Nov 19, 2025
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message,... | High, Unreviewed | CVE-2025-32049 was published | Apr 3, 2025
EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated... | High, Unreviewed | CVE-2025-13165 was published | Nov 17, 2025
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) | High | CVE-2025-64509 was published for bugsink (pip) | Nov 13, 2025
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input | High | CVE-2025-64508 was published for bugsink (pip) | Nov 13, 2025
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability | High | CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) | Aug 20, 2025
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability | High | CVE-2025-55163 was published for io.grpc:grpc-netty-shaded (Maven) | Aug 13, 2025
Django denial-of-service attack in the intcomma template filter | High | CVE-2024-24680 was published for Django (pip) | Feb 7, 2024
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to... | High, Unreviewed | CVE-2024-27316 was published | Apr 4, 2024
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... | High, Unreviewed | CVE-2021-41840 was published | Feb 10, 2022
Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers... | High, Unreviewed | CVE-2023-50387 was published | Feb 14, 2024
Django vulnerable to Denial of Service | High | CVE-2024-39614 was published for Django (pip) | Jul 10, 2024
Django vulnerable to Denial of Service | High | CVE-2024-38875 was published for Django (pip) | Jul 10, 2024
Very large headers can cause resource exhaustion when parsing message. The message-parser... | High, Unreviewed | CVE-2024-23185 was published | Sep 10, 2024
ProTip! Advisories are also available from the GraphQL API.