GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
612 advisories
Filter by severity
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to...
Moderate
Unreviewed
CVE-2022-42317
was published
Nov 1, 2022
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to...
Moderate
Unreviewed
CVE-2022-42316
was published
Nov 1, 2022
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1...
Moderate
Unreviewed
CVE-2025-0915
was published
May 5, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1...
Moderate
Unreviewed
CVE-2025-1000
was published
May 5, 2025
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to...
Moderate
Unreviewed
CVE-2022-42318
was published
Nov 1, 2022
Possible DoS by memory exhaustion in net-imap
Moderate
CVE-2025-25186
was published
for
net-imap
(RubyGems)
Feb 10, 2025
net-imap rubygem vulnerable to possible DoS by memory exhaustion
Moderate
CVE-2025-43857
was published
for
net-imap
(RubyGems)
Apr 28, 2025
A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged)...
Moderate
Unreviewed
CVE-2025-24341
was published
Apr 30, 2025
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache
Moderate
CVE-2025-2559
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 25, 2025
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-733v-p3h5-qpq7
was published
for
@escape.tech/graphql-armor-cost-limit
(npm)
Apr 25, 2025
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a...
Moderate
Unreviewed
CVE-2025-46687
was published
Apr 27, 2025
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions
Moderate
CVE-2025-35965
was published
for
github.com/mattermost/mattermost-plugin-playbooks
(Go)
Apr 24, 2025
Denial of service due to allocation of resources without limits. The following products are...
Moderate
Unreviewed
CVE-2025-30409
was published
Apr 24, 2025
An issue has been discovered affecting service availability via issue preview in GitLab CE/EE...
Moderate
Unreviewed
CVE-2025-0639
was published
Apr 24, 2025
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of...
Moderate
Unreviewed
CVE-2023-45873
was published
Feb 29, 2024
Cuba has a DoS in the File Storage
Moderate
CVE-2025-32959
was published
for
com.haulmont.cuba:cuba-core
(Maven)
Apr 22, 2025
tar-split memory exhaustion
Moderate
CVE-2017-14992
was published
for
github.com/vbatts/tar-split
(Go)
May 17, 2022
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd),...
Moderate
Unreviewed
CVE-2017-14938
was published
May 13, 2022
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which...
Moderate
Unreviewed
CVE-2017-14107
was published
May 13, 2022
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which...
Moderate
Unreviewed
CVE-2017-12144
was published
May 13, 2022
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a...
Moderate
Unreviewed
CVE-2017-9039
was published
May 13, 2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). ...
Moderate
Unreviewed
CVE-2025-30688
was published
Apr 15, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy...
Moderate
Unreviewed
CVE-2025-3734
was published
Apr 16, 2025
vLLM vulnerable to Denial of Service by abusing xgrammar cache
Moderate
GHSA-hf3c-wxg2-49q9
was published
for
vllm
(pip)
Apr 15, 2025
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests...
Moderate
Unreviewed
CVE-2022-45434
was published
Dec 27, 2022
ProTip!
Advisories are also available from the
GraphQL API