Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

26 advisories

Loading
Sigstore Timestamp Authority allocates excessive memory during request parsing High
CVE-2025-66564 was published for github.com/sigstore/timestamp-authority (Go) Dec 5, 2025
Fulcio allocates excessive memory during token parsing High
CVE-2025-66506 was published for github.com/sigstore/fulcio (Go) Dec 5, 2025
adeinega
Credited to adeinega
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the... Moderate Unreviewed
CVE-2025-49643 was published Dec 1, 2025
Querying for records within a specially crafted zone containing certain malformed DNSKEY records... High Unreviewed
CVE-2025-8677 was published Oct 22, 2025
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of... High Unreviewed
CVE-2025-22166 was published Oct 21, 2025
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are ... Moderate Unreviewed
CVE-2025-26516 was published Sep 19, 2025
HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of... Moderate Unreviewed
CVE-2025-31987 was published Aug 15, 2025
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability Moderate
GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025
galbarnahum AnatBB
Credited to galbarnahum and AnatBB
Chall-Manager's scenario decoding process does not check for zip bombs High
CVE-2025-53633 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Masamuneee nevans
Credited to Masamuneee and nevans
jwt-go allows excessive memory allocation during header parsing High
CVE-2025-30204 was published for github.com/golang-jwt/jwt (Go) Mar 21, 2025
jub0bs Web-E
peterbourgon skitt
Credited to jub0bs, Web-E, peterbourgon, and skitt
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio nevans
Credited to manunio and nevans
It is possible to construct a zone such that some queries to it will generate responses... High Unreviewed
CVE-2024-11187 was published Jan 30, 2025
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd
IBM InfoSphere Information Server could allow an authenticated user to consume file space... Moderate Unreviewed
CVE-2024-40705 was published Aug 15, 2024
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to cause a denial of service... Moderate Unreviewed
CVE-2024-39743 was published Jul 8, 2024
An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a... Moderate Unreviewed
CVE-2023-36268 was published Apr 30, 2024
An issue was found in the CPython `zipfile` module affecting versions 3.12.2, 3.11.8, 3.10.13, 3... Moderate Unreviewed
CVE-2024-0450 was published Mar 19, 2024
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial... Low Unreviewed
CVE-2024-28214 was published Mar 7, 2024
An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC... High Unreviewed
CVE-2023-2992 was published Jun 26, 2023
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-23500 was published for typo3/cms (Composer) Dec 13, 2022
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This... High Unreviewed
CVE-2019-11479 was published May 24, 2022
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed... High Unreviewed
CVE-2018-15492 was published May 14, 2022
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted... High Unreviewed
CVE-2021-38447 was published May 6, 2022
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings Moderate
CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database