GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,381 advisories
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown...
Moderate | Unreviewed | CVE-2025-15532 was published Jan 17, 2026

Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated...
Moderate | Unreviewed | CVE-2025-67835 was published Jan 14, 2026

memory leak flaw was found in ruby-magick
Moderate | CVE-2023-5349 was published for rmagick (RubyGems) Oct 30, 2023

When reading an HTTP response from a server, if no read amount is specified, the default behavior...
Moderate | Unreviewed | CVE-2025-13836 was published Dec 1, 2025

UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially...
Moderate | Unreviewed | CVE-2025-60458 was published Dec 29, 2025

Node Denial of Service via kubelet Checkpoint API
Moderate | CVE-2025-0426 was published for k8s.io/kubernetes (Go) Feb 13, 2025

Hash collision in typelevel jawn
Moderate | CVE-2022-21653 was published for org.typelevel:jawn-parser_0.25 (Maven) Jan 6, 2022

In multiple locations, there is a possible permanent denial of service due to resource exhaustion...
Moderate | Unreviewed | CVE-2025-48569 was published Dec 8, 2025

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due...
Moderate | Unreviewed | CVE-2025-48603 was published Dec 8, 2025

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there...
Moderate | Unreviewed | CVE-2025-48576 was published Dec 8, 2025

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to...
Moderate | Unreviewed | CVE-2025-48590 was published Dec 8, 2025

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the...
Moderate | Unreviewed | CVE-2025-48584 was published Dec 8, 2025

Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local...
Moderate | Unreviewed | CVE-2025-61155 was published Oct 28, 2025

Grav is vulnerable to a DOS on the admin panel
Moderate | CVE-2025-66303 was published for getgrav/grav (Composer) Dec 2, 2025

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource...
Moderate | Unreviewed | CVE-2025-55128 was published Nov 20, 2025

pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate | CVE-2025-66019 was published for pypdf (pip) Nov 24, 2025

body-parser is vulnerable to denial of service when url encoding is used
Moderate | CVE-2025-13466 was published for body-parser (npm) Nov 25, 2025

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for...
Moderate | Unreviewed | CVE-2025-59403 was published Oct 2, 2025

net-imap rubygem vulnerable to possible DoS by memory exhaustion
Moderate | CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025

Ribose RNP before 0.16.3 may hang when the input is malformed.
Moderate | Unreviewed | CVE-2023-29479 was published Apr 24, 2023

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware...
Moderate | Unreviewed | CVE-2025-6599 was published Nov 18, 2025

Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3:...
Moderate | Unreviewed | CVE-2025-27249 was published Nov 11, 2025

FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side
Moderate | CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability...
Moderate | Unreviewed | CVE-2025-5342 was published Oct 30, 2025

Apereo CAS has inefficient regular expression complexity
Moderate | CVE-2025-3985 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025