Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,984 advisories

Loading
Ackites KillWxapkg Zip Bomb Resource Exhaustion Low
CVE-2025-5031 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
achibear
Credited to achibear
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-29898 was published Aug 29, 2025
REXML has DoS condition when parsing malformed XML file Low
CVE-2025-58767 was published for rexml (RubyGems) Sep 17, 2025
sofiaaberegg
Credited to sofiaaberegg
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server,... High Unreviewed
CVE-2023-40542 was published Oct 10, 2023
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown... Moderate Unreviewed
CVE-2025-4444 was published Sep 18, 2025
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful... Moderate Unreviewed
CVE-2025-46593 was published May 6, 2025
Vulnerability of processes not being fully terminated in the VPN module Impact: Successful... Moderate Unreviewed
CVE-2024-51513 was published Nov 5, 2024
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful... Moderate Unreviewed
CVE-2024-54113 was published Dec 12, 2024
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. High Unreviewed
CVE-2025-56264 was published Sep 16, 2025
CISA Thorium does not rate limit requests to send account verification email messages. A remote... Moderate Unreviewed
CVE-2025-35432 was published Sep 17, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43295 was published Sep 16, 2025
Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack High
CVE-2025-43796 was published for com.liferay:com.liferay.portal.vulcan.api (Maven) Sep 12, 2025
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Credited to p-
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 mwlik
Credited to imenyoo2 and mwlik
A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0... Moderate Unreviewed
CVE-2025-8537 was published Aug 5, 2025
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
Yuuki77 dblessing
Credited to Yuuki77 and dblessing
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid... High Unreviewed
CVE-2025-57614 was published Sep 10, 2025
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
anlakii
Credited to anlakii
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software... High Unreviewed
CVE-2025-20340 was published Sep 10, 2025
An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a... High Unreviewed
CVE-2025-52322 was published Sep 9, 2025
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated... Moderate Unreviewed
CVE-2025-49460 was published Sep 10, 2025
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The... Low Unreviewed
CVE-2025-40802 was published Sep 9, 2025
Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the... High Unreviewed
CVE-2025-52288 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database