GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,228 advisories
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... (Moderate, Unreviewed): CVE-2025-3050 was published May 29, 2025
An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to... (High, Unreviewed): CVE-2025-46807 was published Jun 2, 2025
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131... (High, Unreviewed): CVE-2018-25112 was published Jun 4, 2025
ReDoS Vulnerability in Rack::Multipart handle_mime_head (Moderate): CVE-2025-49007 was published for rack (RubyGems) Jun 5, 2025
When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash... (Moderate, Unreviewed): CVE-2025-5683 was published Jun 5, 2025
Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful... (Moderate, Unreviewed): CVE-2024-58114 was published Jun 6, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... (High, Unreviewed): CVE-2025-22484 was published Jun 6, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... (High, Unreviewed): CVE-2025-29872 was published Jun 6, 2025
CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification (High): CVE-2025-47950 was published for github.com/coredns/coredns (Go) Jun 6, 2025
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) (High): CVE-2025-49140 was published for github.com/pion/interceptor (Go) Jun 9, 2025
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled... (Moderate, Unreviewed): CVE-2025-4605 was published Jun 11, 2025
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability (High): CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and... (High, Unreviewed): CVE-2025-25032 was published Jun 11, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17... (Moderate, Unreviewed): CVE-2025-1516 was published Jun 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17... (Moderate, Unreviewed): CVE-2025-1478 was published Jun 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17... (Moderate, Unreviewed): CVE-2025-5996 was published Jun 12, 2025
Salt's worker process vulnerable to denial of service through file read operation (Moderate): CVE-2025-22242 was published for salt (pip) Jun 13, 2025
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers (High): CVE-2025-48976 was published for commons-fileupload:commons-fileupload (Maven) Jun 16, 2025
Apache Tomcat - DoS in multipart upload (High): CVE-2025-48988 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
Withdrawn Advisory: microlight allows a denial of service (Low, withdrawn): CVE-2025-45526 was published for microlight (npm) Jun 17, 2025
The Yealink YMCS RPS API before 2025-05-26 lacks rate limiting, potentially enabling information... (Moderate, Unreviewed): CVE-2025-52917 was published Jun 22, 2025
letmein connection limiter allows an arbitrary amount of simultaneous connections (Moderate): CVE-2025-52570 was published for letmeind (Rust) Jun 23, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to... (High, Unreviewed): CVE-2025-3221 was published Jun 23, 2025
A denial-of-service vulnerability due to improper prioritization of network traffic over... (High, Unreviewed): CVE-2025-2403 was published Jun 24, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18... (Moderate, Unreviewed): CVE-2025-3279 was published Jun 26, 2025