Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

643 advisories

Loading
urllib3 allows an unbounded number of links in the decompression chain High
CVE-2025-66418 was published for urllib3 (pip) Dec 5, 2025
illia-v sethmlarson
pquentin
Credited to illia-v, sethmlarson, and pquentin
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity... High Unreviewed
CVE-2025-12385 was published Dec 3, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5,... High Unreviewed
CVE-2025-12571 was published Nov 26, 2025
Babylon's malformed vote extensions are not rejected High
GHSA-2fcv-qww3-9v6h was published for github.com/babylonlabs-io/babylon/v4 (Go) Nov 24, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6... High Unreviewed
CVE-2025-11243 was published Nov 19, 2025
EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated... High Unreviewed
CVE-2025-13165 was published Nov 17, 2025
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) High
CVE-2025-64509 was published for bugsink (pip) Nov 13, 2025
Cycloctane
Credited to Cycloctane
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input High
CVE-2025-64508 was published for bugsink (pip) Nov 13, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18... High Unreviewed
CVE-2025-11447 was published Oct 27, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5,... High Unreviewed
CVE-2025-10497 was published Oct 27, 2025
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON High
CVE-2025-12044 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
NeuVector telemetry sender is vulnerable to MITM and DoS High
CVE-2025-54470 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev
Credited to mmalesev
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows... High Unreviewed
CVE-2025-56223 was published Oct 20, 2025
On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed... High Unreviewed
CVE-2025-55670 was published Oct 15, 2025
When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane,... High Unreviewed
CVE-2025-59778 was published Oct 15, 2025
When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause... High Unreviewed
CVE-2025-53521 was published Oct 15, 2025
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed... High Unreviewed
CVE-2025-46706 was published Oct 15, 2025
When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management... High Unreviewed
CVE-2025-41430 was published Oct 15, 2025
A denial-of-service security issue exists in the affected product and version. The security issue... High Unreviewed
CVE-2025-9177 was published Oct 14, 2025
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3... High Unreviewed
CVE-2025-10004 was published Oct 9, 2025
pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding High
CVE-2025-11362 was published for pdfmake (npm) Oct 7, 2025
jeran-urban
Credited to jeran-urban
An allocation of resources without limits or throttling vulnerability has been reported to affect... High Unreviewed
CVE-2025-44012 was published Oct 3, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... High Unreviewed
CVE-2025-33039 was published Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database