Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,322 advisories

Loading
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` Moderate
CVE-2025-62426 was published for vllm (pip) Nov 20, 2025
russellb Isotr0py
DarkLight1337
Credited to russellb, Isotr0py, and DarkLight1337
golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption Moderate
CVE-2025-58181 was published for golang.org/x/crypto (Go) Nov 19, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6... High Unreviewed
CVE-2025-11243 was published Nov 19, 2025
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user... Moderate Unreviewed
CVE-2025-54320 was published Nov 18, 2025
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads Critical
CVE-2025-65015 was published for joserfc (pip) Nov 18, 2025
ooliv
Credited to ooliv
EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated... High Unreviewed
CVE-2025-13165 was published Nov 17, 2025
SpiceDB WriteRelationships fails silently if payload is too big Low
CVE-2025-64529 was published for github.com/authzed/spicedb (Go) Nov 13, 2025
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) High
CVE-2025-64509 was published for bugsink (pip) Nov 13, 2025
Cycloctane
Credited to Cycloctane
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input High
CVE-2025-64508 was published for bugsink (pip) Nov 13, 2025
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through... Moderate Unreviewed
CVE-2025-59089 was published Nov 12, 2025
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of... Moderate Unreviewed
CVE-2025-12748 was published Nov 11, 2025
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes... Moderate Unreviewed
CVE-2025-36008 was published Nov 7, 2025
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes... Moderate Unreviewed
CVE-2025-36136 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Low Unreviewed
CVE-2025-53411 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Moderate Unreviewed
CVE-2025-53409 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Moderate Unreviewed
CVE-2025-53413 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Moderate Unreviewed
CVE-2025-53410 was published Nov 7, 2025
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length Moderate
CVE-2025-46556 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
TheAmazeng dregad
Credited to TheAmazeng and dregad
Consul key/value endpoint is vulnerable to denial of service Moderate
CVE-2025-11374 was published for github.com/hashicorp/consul (Go) Oct 28, 2025
Consul event endpoint is vulnerable to denial of service Moderate
CVE-2025-11375 was published for github.com/hashicorp/consul (Go) Oct 28, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
An attacker that gains SSH access to an unprivileged account may be able to disrupt services ... Moderate Unreviewed
CVE-2025-59459 was published Oct 27, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18... Moderate Unreviewed
CVE-2025-11974 was published Oct 27, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5,... High Unreviewed
CVE-2025-10497 was published Oct 27, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18... High Unreviewed
CVE-2025-11447 was published Oct 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database