Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,846
Erlang
36
GitHub Actions
33
Go
2,467
Maven
5,000+
npm
4,090
NuGet
733
pip
3,907
Pub
12
RubyGems
944
Rust
1,011
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,210 advisories

Loading
An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2... Moderate Unreviewed
CVE-2025-3601 was published Aug 27, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2... Moderate Unreviewed
CVE-2025-4225 was published Aug 27, 2025
Liferay Portal users can upload an unlimited amount of files Moderate
CVE-2025-43762 was published for com.liferay:com.liferay.dynamic.data.mapping.form.field.type (Maven) Aug 22, 2025
Liferay Portal's Unlimited File Upload Could Result in DoS Moderate
CVE-2025-43752 was published for com.liferay.portal:release.portal.bom (Maven) Aug 22, 2025
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
CRI-O has Potential High Memory Consumption from File Read Moderate
CVE-2025-4437 was published for github.com/cri-o/cri-o (Go) Aug 20, 2025
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of... Moderate Unreviewed
CVE-2025-36047 was published Aug 14, 2025
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion Moderate
CVE-2025-55199 was published for helm.sh/helm/v3 (Go) Aug 14, 2025
jake-ciolek
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
jakiki6 stefan6419846
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.netty:netty-codec-http2 (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1... Moderate Unreviewed
CVE-2025-2614 was published Aug 13, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1... Moderate Unreviewed
CVE-2025-1477 was published Aug 13, 2025
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control... Moderate Unreviewed
CVE-2025-54500 was published Aug 13, 2025
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) Aug 13, 2025
Allocation of resources without limits or throttling in Windows DirectX allows an authorized... Moderate Unreviewed
CVE-2025-50172 was published Aug 12, 2025
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC... Low Unreviewed
CVE-2025-40570 was published Aug 12, 2025
Bouncy Castle for Java on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8885 was published for org.bouncycastle:bc-fips (Maven) Aug 12, 2025
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability Moderate
CVE-2025-43736 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 12, 2025
Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors Low
GHSA-vh9x-phq6-fx54 was published for github.com/rs/cors (Go) Aug 6, 2025 withdrawn
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service Moderate
CVE-2025-54869 was published for setasign/fpdi (Composer) Aug 5, 2025
N0zoM1z0
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Moderate Unreviewed
CVE-2025-54939 was published Aug 1, 2025
OpenEXR Out-Of-Memory via Unbounded File Header Values Moderate
CVE-2025-48074 was published for OpenEXR (pip) Jul 31, 2025
suidpit ndaprela
TheZ3ro smaury
An unauthenticated remote attacker can cause a Denial of Service by sending a large number of... High Unreviewed
CVE-2025-2813 was published Jul 31, 2025
SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks Moderate
CVE-2025-54575 was published for SixLabors.ImageSharp (NuGet) Jul 30, 2025
whatevicanhaz
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
dblessing
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database