Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Sigstore Timestamp Authority allocates excessive memory during request parsing High
CVE-2025-66564 was published for github.com/sigstore/timestamp-authority (Go) Dec 5, 2025
Fulcio allocates excessive memory during token parsing High
CVE-2025-66506 was published for github.com/sigstore/fulcio (Go) Dec 5, 2025
adeinega
Credited to adeinega
Querying for records within a specially crafted zone containing certain malformed DNSKEY records... High Unreviewed
CVE-2025-8677 was published Oct 22, 2025
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of... High Unreviewed
CVE-2025-22166 was published Oct 21, 2025
Chall-Manager's scenario decoding process does not check for zip bombs High
CVE-2025-53633 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
jwt-go allows excessive memory allocation during header parsing High
CVE-2025-30204 was published for github.com/golang-jwt/jwt (Go) Mar 21, 2025
jub0bs Web-E
peterbourgon skitt
Credited to jub0bs, Web-E, peterbourgon, and skitt
It is possible to construct a zone such that some queries to it will generate responses... High Unreviewed
CVE-2024-11187 was published Jan 30, 2025
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd
An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC... High Unreviewed
CVE-2023-2992 was published Jun 26, 2023
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This... High Unreviewed
CVE-2019-11479 was published May 24, 2022
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed... High Unreviewed
CVE-2018-15492 was published May 14, 2022
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted... High Unreviewed
CVE-2021-38447 was published May 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database