Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

91 advisories

Loading
CRI-O has Potential High Memory Consumption from File Read Moderate
CVE-2025-4437 was published for github.com/cri-o/cri-o (Go) Aug 20, 2025
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives Moderate
CVE-2025-58058 was published for github.com/ulikunitz/xz (Go) Aug 28, 2025
HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads High
CVE-2025-6203 was published for github.com/hashicorp/vault (Go) Aug 28, 2025
Rancher affected by unauthenticated Denial of Service High
CVE-2024-58259 was published for github.com/rancher/rancher (Go) Aug 29, 2025
go-git clients vulnerable to DoS via maliciously crafted Git server replies High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) Jan 6, 2025
bdilalu
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout High
CVE-2025-53634 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion Moderate
CVE-2025-55199 was published for helm.sh/helm/v3 (Go) Aug 14, 2025
jake-ciolek
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
CVE-2025-47908 was published for github.com/rs/cors (Go) Jul 5, 2024
Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors Low
GHSA-vh9x-phq6-fx54 was published for github.com/rs/cors (Go) Aug 6, 2025 withdrawn
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obp-anssi
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS) High
CVE-2025-49140 was published for github.com/pion/interceptor (Go) Jun 9, 2025
JoeTurki kmansoft
3DRX
CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification High
CVE-2025-47950 was published for github.com/coredns/coredns (Go) Jun 6, 2025
thevilledev dfunkt
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Mattermost fails to limit the size of a request path Low
CVE-2024-22091 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Mattermost fails to limit the number of active sessions Moderate
CVE-2024-4183 was published for github.com/mattermost/mattermost-server (Go) Apr 26, 2024
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin High
CVE-2025-32777 was published for volcano.sh/volcano (Go) Apr 30, 2025
kevin-wangzefeng Monokaix
AdamKorcz
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions Moderate
CVE-2025-35965 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
tar-split memory exhaustion Moderate
CVE-2017-14992 was published for github.com/vbatts/tar-split (Go) May 17, 2022
golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange High
CVE-2025-22869 was published for golang.org/x/crypto (Go) Apr 12, 2025
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination Moderate
CVE-2025-32386 was published for helm.sh/helm/v3 (Go) Apr 10, 2025
jake-ciolek
bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing Moderate
CVE-2025-32025 was published for github.com/bep/imagemeta (Go) Apr 9, 2025
jupenur
bep/imagemeta allows excessively large EXIF data structures Moderate
CVE-2025-32024 was published for github.com/bep/imagemeta (Go) Apr 9, 2025
jupenur
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow High
CVE-2025-29072 was published for github.com/NethermindEth/juno (Go) Mar 27, 2025
Ollama Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-0315 was published for github.com/ollama/ollama (Go) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database