GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,615 advisories
A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Service...
High
Unreviewed
CVE-2025-65891
was published
Jan 28, 2026
A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause...
High
Unreviewed
CVE-2025-65889
was published
Jan 28, 2026
A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0...
High
Unreviewed
CVE-2025-70999
was published
Jan 28, 2026
A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS)...
High
Unreviewed
CVE-2025-65890
was published
Jan 28, 2026
An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a...
High
Unreviewed
CVE-2025-71000
was published
Jan 28, 2026
A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service ...
High
Unreviewed
CVE-2025-65886
was published
Jan 28, 2026
React Server Components have multiple Denial of Service Vulnerabilities
High
CVE-2026-23864
was published
for
react-server-dom-parcel
(npm)
Jan 29, 2026
Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
High
GHSA-h25m-26qc-wcjf
was published
for
next
(npm)
Jan 28, 2026
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the...
High
Unreviewed
CVE-2026-21720
was published
Jan 27, 2026
A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to...
High
Unreviewed
CVE-2025-59465
was published
Jan 20, 2026
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
High
Unreviewed
CVE-2026-21945
was published
Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High
Unreviewed
CVE-2026-21955
was published
Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High
Unreviewed
CVE-2026-21956
was published
Jan 21, 2026
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion
High
CVE-2026-23842
was published
for
chatterbot
(pip)
Jan 20, 2026
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
High
CVE-2022-44566
was published
for
activerecord
(RubyGems)
Jan 18, 2023
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering
High
CVE-2025-67647
was published
for
@sveltejs/adapter-node
(npm)
Jan 15, 2026
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
High
GHSA-5j59-xgg2-r9c4
was published
for
next
(npm)
Dec 12, 2025
An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted...
High
Unreviewed
CVE-2024-48077
was published
Jan 15, 2026
Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147.
High
Unreviewed
CVE-2026-0889
was published
Jan 13, 2026
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message
High
CVE-2026-22868
was published
for
github.com/ethereum/go-ethereum
(Go)
Jan 13, 2026
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All...
High
Unreviewed
CVE-2025-40944
was published
Jan 13, 2026
An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service...
High
Unreviewed
CVE-2025-67133
was published
Jan 9, 2026
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a...
High
Unreviewed
CVE-2025-56424
was published
Jan 8, 2026
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An...
High
Unreviewed
CVE-2025-8065
was published
Dec 20, 2025
ProTip! Advisories are also available from the GraphQL API