Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,142 advisories

Loading
A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to... High Unreviewed
CVE-2025-46807 was published Jun 2, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-3050 was published May 29, 2025
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11,... Moderate Unreviewed
CVE-2025-48738 was published May 23, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17... Moderate Unreviewed
CVE-2024-7803 was published May 23, 2025
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before... High Unreviewed
CVE-2025-0993 was published May 22, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17... Moderate Unreviewed
CVE-2025-3111 was published May 22, 2025
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before... Moderate Unreviewed
CVE-2025-2853 was published May 22, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track... High Unreviewed
CVE-2025-4416 was published May 21, 2025
Tornado vulnerable to excessive logging caused by malformed multipart form data High
CVE-2025-47287 was published for tornado (pip) May 16, 2025
Startr4ck awsactran
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker... Moderate Unreviewed
CVE-2025-29957 was published May 13, 2025
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows... Moderate Unreviewed
CVE-2025-29954 was published May 13, 2025
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized... High Unreviewed
CVE-2025-26677 was published May 13, 2025
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to... Moderate Unreviewed
CVE-2024-8973 was published May 9, 2025
ring has some AES functions that may panic when overflow checking is enabled in Moderate
CVE-2025-4432 was published for ring (Rust) May 9, 2025
Django has a denial-of-service possibility in strip_tags() Moderate
CVE-2025-32873 was published for Django (pip) May 8, 2025
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses... High Unreviewed
CVE-2025-36504 was published May 8, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-0915 was published May 5, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-1000 was published May 5, 2025
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin High
CVE-2025-32777 was published for volcano.sh/volcano (Go) Apr 30, 2025
kevin-wangzefeng Monokaix
AdamKorcz
A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged)... Moderate Unreviewed
CVE-2025-24341 was published Apr 30, 2025
Data exposure via ZeroMQ on multi-node vLLM deployment High
CVE-2025-30202 was published for vllm (pip) Apr 29, 2025
russellb kexinoh
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Masamuneee nevans
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a... Moderate Unreviewed
CVE-2025-46687 was published Apr 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database