Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,291 advisories

Loading
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation Moderate
CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) Aug 13, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU... Critical Unreviewed
CVE-2025-11832 was published Oct 15, 2025
When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash... Moderate Unreviewed
CVE-2025-5683 was published Jun 5, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2025-0189 was published for aim (pip) Mar 20, 2025
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9229 was published for quivr-core (pip) Mar 20, 2025
BentoML Denial of Service (DoS) via Multipart Boundary High
CVE-2024-9056 was published for bentoml (pip) Mar 20, 2025
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request High
CVE-2024-8984 was published for litellm (pip) Mar 20, 2025
ishaan-jaff
Credited to ishaan-jaff
Gradio DOS in multipart boundry while uploading the file High
CVE-2024-8966 was published for gradio (pip) Mar 20, 2025
Open WebUI denial of service through endpoint for converting markdown High
CVE-2024-7983 was published for open-webui (pip) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2024-12778 was published for aim (pip) Mar 20, 2025
HyperLPR Denial of Service vulnerability High
CVE-2024-10713 was published for hyperlpr3 (pip) Mar 20, 2025
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The... High Unreviewed
CVE-2024-9437 was published Mar 20, 2025
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart... High Unreviewed
CVE-2025-1451 was published Mar 20, 2025
A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service ... High Unreviewed
CVE-2024-8028 was published Mar 20, 2025
A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory... High Unreviewed
CVE-2025-0182 was published Mar 20, 2025
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack... High Unreviewed
CVE-2024-8018 was published Mar 20, 2025
In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability... High Unreviewed
CVE-2024-11171 was published Mar 20, 2025
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server... High Unreviewed
CVE-2024-10935 was published Mar 20, 2025
A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS)... High Unreviewed
CVE-2024-10225 was published Mar 20, 2025
Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The... High Unreviewed
CVE-2024-10051 was published Mar 20, 2025
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create... High Unreviewed
CVE-2024-6037 was published Jul 11, 2024
An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of... Moderate Unreviewed
CVE-2024-5208 was published Jun 19, 2024
When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane,... High Unreviewed
CVE-2025-59778 was published Oct 15, 2025
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed... High Unreviewed
CVE-2025-46706 was published Oct 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database