Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,510
Erlang
33
GitHub Actions
25
Go
2,213
Maven
5,000+
npm
3,871
NuGet
696
pip
3,643
Pub
12
RubyGems
913
Rust
922
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,072 advisories

Loading
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message,... High Unreviewed
CVE-2025-32049 was published Apr 3, 2025
Django Potential Denial of Service (DoS) on Windows Moderate
CVE-2025-27556 was published for Django (pip) Apr 2, 2025
image-size Denial of Service via Infinite Loop during Image Processing High
GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) Apr 2, 2025
dellalibera
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An... Moderate Unreviewed
CVE-2024-45700 was published Apr 2, 2025
An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17... Moderate Unreviewed
CVE-2024-10307 was published Mar 28, 2025
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow High
CVE-2025-29072 was published for github.com/NethermindEth/juno (Go) Mar 27, 2025
Directus's S3 assets become unavailable after a burst of HEAD requests Moderate
CVE-2025-30350 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela
Directus's S3 assets become unavailable after a burst of malformed transformations Moderate
CVE-2025-30225 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache Moderate
CVE-2025-2559 was published for org.keycloak:keycloak-services (Maven) Mar 25, 2025
An Allocation of Resources Without Limits or Throttling vulnerability in the operating system... High Unreviewed
CVE-2024-45484 was published Mar 25, 2025
Web Push Denial of Service via malicious Web Push endpoint Moderate
GHSA-fc83-9jwq-gc2m was published for web-push (Rust) Mar 24, 2025
Ollama Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-0315 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
vLLM denial of service via outlines unbounded cache on disk Moderate
CVE-2025-29770 was published for vllm (pip) Mar 19, 2025
russellb
jsPDF Bypass Regular Expression Denial of Service (ReDoS) High
CVE-2025-29907 was published for jspdf (npm) Mar 18, 2025
Memory Exhaustion in Expr Parser with Unrestricted Input High
CVE-2025-29786 was published for github.com/expr-lang/expr (Go) Mar 17, 2025
thevilledev
An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17... Moderate Unreviewed
CVE-2025-1257 was published Mar 13, 2025
An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8... Moderate Unreviewed
CVE-2024-13054 was published Mar 13, 2025
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software... High Unreviewed
CVE-2025-20209 was published Mar 12, 2025
A vulnerability in the handling of specific packets that are punted from a line card to a route... High Unreviewed
CVE-2025-20141 was published Mar 12, 2025
In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix... Moderate Unreviewed
CVE-2025-21866 was published Mar 12, 2025
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting... Moderate Unreviewed
CVE-2024-58089 was published Mar 12, 2025
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message... Moderate Unreviewed
CVE-2025-27911 was published Mar 11, 2025
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode() Moderate
GHSA-g274-c6jj-h78p was published for pocketmine/pocketmine-mp (Composer) Mar 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database