Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Bitcoin Core through 29.0 allows a denial of service via a crafted transaction. Moderate Unreviewed
CVE-2025-46598 was published Mar 20, 2026
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash... High Unreviewed
CVE-2026-25611 was published Feb 10, 2026
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker... Moderate Unreviewed
CVE-2026-24324 was published Feb 10, 2026
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted... High Unreviewed
CVE-2026-0485 was published Feb 10, 2026
devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse High
CVE-2026-22775 was published for devalue (npm) Jan 15, 2026
jviide Credited to jviide, elliott-with-the-longest-name-on-github, and Rich-Harris elliott-with-the-longest-name-on-github elliott-with-the-longest-name-on-github
Rich-Harris Rich-Harris
Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse High
CVE-2026-22774 was published for devalue (npm) Jan 15, 2026
jviide Credited to jviide, elliott-with-the-longest-name-on-github, and Rich-Harris elliott-with-the-longest-name-on-github elliott-with-the-longest-name-on-github
Rich-Harris Rich-Harris
Marshmallow has DoS in Schema.load(many) Moderate
CVE-2025-68480 was published for marshmallow (pip) Dec 22, 2025
SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high... High Unreviewed
CVE-2025-42874 was published Dec 9, 2025
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials... High Unreviewed
CVE-2025-42876 was published Dec 9, 2025
SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security... Moderate Unreviewed
CVE-2025-42873 was published Dec 9, 2025
Sigstore Timestamp Authority allocates excessive memory during request parsing High
CVE-2025-66564 was published for github.com/sigstore/timestamp-authority (Go) Dec 5, 2025
Fulcio allocates excessive memory during token parsing High
CVE-2025-66506 was published for github.com/sigstore/fulcio (Go) Dec 5, 2025
adeinega Credited to adeinega
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the... Moderate Unreviewed
CVE-2025-49643 was published Dec 1, 2025
Querying for records within a specially crafted zone containing certain malformed DNSKEY records... High Unreviewed
CVE-2025-8677 was published Oct 22, 2025
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of... High Unreviewed
CVE-2025-22166 was published Oct 21, 2025
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are ... Moderate Unreviewed
CVE-2025-26516 was published Sep 19, 2025
HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of... Moderate Unreviewed
CVE-2025-31987 was published Aug 15, 2025
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability Moderate
GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025
galbarnahum Credited to galbarnahum and AnatBB AnatBB AnatBB
Chall-Manager's scenario decoding process does not check for zip bombs High
CVE-2025-53633 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Masamuneee Credited to Masamuneee and nevans nevans nevans
jwt-go allows excessive memory allocation during header parsing High
CVE-2025-30204 was published for github.com/golang-jwt/jwt (Go) Mar 21, 2025
jub0bs Credited to jub0bs, Web-E, peterbourgon, and skitt Web-E Web-E
peterbourgon peterbourgon skitt skitt
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio Credited to manunio and nevans nevans nevans
It is possible to construct a zone such that some queries to it will generate responses... High Unreviewed
CVE-2024-11187 was published Jan 30, 2025
body-parser vulnerable to denial of service when url encoding is enabled High
CVE-2024-45590 was published for body-parser (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
IBM InfoSphere Information Server could allow an authenticated user to consume file space... Moderate Unreviewed
CVE-2024-40705 was published Aug 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database