GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

371 advisories

webtransport-go: CloseWithError can block indefinitely Moderate
CVE-2026-21435 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25207 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
amphp/http-server affected by HTTP/2 DDoS vulnerability Moderate
GHSA-8grv-jq2g-cfhw was published for amphp/http-server (Composer) Feb 10, 2026
Credited to galbarnahum
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint Moderate
CVE-2025-59472 was published for next (npm) Jan 28, 2026
Credited to cylewaitforit
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams Moderate
CVE-2026-25122 was published for chainguard.dev/apko (Go) Feb 3, 2026
Credited to 1seal, egibs, antitree, and jdolitsky
Duplicate Advisory: Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023 withdrawn
Duplicate Advisory: Regular Expression Denial of Service in simple-markdown Moderate
GHSA-4xf9-pgvv-xx67 was published for simple-markdown (npm) Sep 3, 2020 withdrawn
Credited to tdunlap607
jose2go vulnerable to denial of service via large p2c value Moderate
CVE-2023-50658 was published for github.com/dvsekhvalnov/jose2go (Go) Feb 29, 2024
Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted Moderate
CVE-2025-69198 was published for pterodactyl/panel (Composer) Jan 20, 2026
Credited to vsevolodmelnyk
llama-index-core vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-6208 was published for llama-index-core (pip) Feb 2, 2026
Unfurl's unbounded zlib decompression allows decompression bomb DoS Moderate
GHSA-h5qv-qjv4-pc5m was published for dfir-unfurl (pip) Jan 29, 2026
Credited to mobasi-team
gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values Moderate
CVE-2026-24738 was published for github.com/gmrtd/gmrtd (Go) Jan 27, 2026
Credited to ramrunner
Prototype Pollution in extend Moderate
CVE-2018-16492 was published for extend (npm) Feb 7, 2019
Credited to ljharb
pypdf's LZWDecode streams be manipulated to exhaust RAM Moderate
CVE-2025-66019 was published for pypdf (pip) Nov 24, 2025
Credited to aydinnyunus and stefan6419846
memory leak flaw was found in ruby-magick Moderate
CVE-2023-5349 was published for rmagick (RubyGems) Oct 30, 2023
Node Denial of Service via kubelet Checkpoint API Moderate
CVE-2025-0426 was published for k8s.io/kubernetes (Go) Feb 13, 2025
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser_0.25 (Maven) Jan 6, 2022
Credited to nrktkt
Grav is vulnerable to a DOS on the admin panel Moderate
CVE-2025-66303 was published for getgrav/grav (Composer) Dec 2, 2025
Credited to alix41dsec
body-parser is vulnerable to denial of service when url encoding is used Moderate
CVE-2025-13466 was published for body-parser (npm) Nov 25, 2025
Credited to Phillip9587, bjohansebas, UlisesGascon, ctcpip, sheplu, and jonchurch
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Credited to Masamuneee and nevans
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
Credited to lukestephenson-zendesk
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3985 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged Moderate
CVE-2025-48795 was published for org.apache.cxf:cxf-core (Maven) Jul 15, 2025
Credited to pavelarnost
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams Moderate
CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) Jul 10, 2025
Credited to fabien-chebel