Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,615 advisories

Loading
In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated... High Unreviewed
CVE-2025-38501 was published Aug 16, 2025
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service ... High Unreviewed
CVE-2024-33655 was published Jun 6, 2024
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption)... High Unreviewed
CVE-2023-50967 was published Mar 20, 2024
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and... High Unreviewed
CVE-2014-5418 was published May 17, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) High
CVE-2022-37599 was published for loader-utils (npm) Oct 12, 2022
jeran-urban G-Rath
Credited to jeran-urban and G-Rath
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to... High Unreviewed
CVE-2024-27316 was published Apr 4, 2024
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full... High Unreviewed
CVE-2023-52425 was published Feb 4, 2024
A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking... High Unreviewed
CVE-2023-51301 was published Feb 19, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1... High Unreviewed
CVE-2023-51316 was published Feb 20, 2025
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers... High Unreviewed
CVE-2023-51314 was published Feb 20, 2025
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is... High Unreviewed
CVE-2023-50868 was published Feb 14, 2024
Django Denial-of-service in django.utils.text.Truncator High
CVE-2023-43665 was published for Django (pip) Nov 3, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS... High Unreviewed
CVE-2024-44160 was published Sep 17, 2024
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in... High Unreviewed
CVE-2024-40841 was published Sep 17, 2024
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40... High Unreviewed
CVE-2024-34506 was published May 5, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7,... High Unreviewed
CVE-2024-44169 was published Sep 17, 2024
This issue was addressed through improved state management. This issue is fixed in iOS 18 and... High Unreviewed
CVE-2024-27874 was published Sep 17, 2024
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold... High Unreviewed
CVE-2023-52340 was published Jul 5, 2024
Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` High
CVE-2025-62727 was published for starlette (pip) Oct 28, 2025
ch4n3-yoon nadavaseal
Credited to ch4n3-yoon and nadavaseal
Tornado has an HTTP cookie parsing DoS vulnerability High
CVE-2024-52804 was published for tornado (pip) Nov 22, 2024
kexinoh
Credited to kexinoh
Moment.js vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-31129 was published for Moment.js (npm) Jul 6, 2022
doublevkay
Credited to doublevkay
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) High
CVE-2021-32839 was published for sqlparse (pip) Sep 10, 2021
erik-krogh
Credited to erik-krogh
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
Credited to r00t4dm
py vulnerable to Regular Expression Denial of Service High
CVE-2020-29651 was published for py (pip) Apr 20, 2021
By sending a specially crafted push message, a remote server could have hung the parent process,... High Unreviewed
CVE-2024-10466 was published Oct 29, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database