Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Multer vulnerable to Denial of Service via incomplete cleanup High
CVE-2026-3304 was published for multer (npm) Mar 1, 2026
EthanKim88 Credited to EthanKim88, ctcpip, UlisesGascon, and bjohansebas ctcpip ctcpip
UlisesGascon UlisesGascon bjohansebas bjohansebas
Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse Critical
CVE-2026-28268 was published for code.vikunja.io/api (Go) Feb 28, 2026
VashuVats Credited to VashuVats
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on... Low Unreviewed
CVE-2026-28196 was published Feb 25, 2026
webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map Moderate
CVE-2026-21438 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
Tanium addressed an uncontrolled resource consumption vulnerability in Connect. Moderate Unreviewed
CVE-2025-15331 was published Feb 5, 2026
Apache Struts has a Denial of Service vulnerability High
CVE-2025-66675 was published for org.apache.struts:struts2-core (Maven) Dec 10, 2025
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond Moderate
GHSA-4rmq-mc2c-r495 was published for github.com/babylonlabs-io/babylon (Go) Dec 9, 2025
Apache Struts is Vulnerable to DoS via File Leak High
CVE-2025-64775 was published for org.apache.struts:struts2-core (Maven) Dec 1, 2025
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest... Moderate Unreviewed
CVE-2025-29934 was published Nov 21, 2025
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function High Unreviewed
CVE-2025-60730 was published Oct 24, 2025
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which... Critical Unreviewed
CVE-2025-6338 was published Oct 16, 2025
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS... High Unreviewed
CVE-2025-59781 was published Oct 15, 2025
A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series... Moderate Unreviewed
CVE-2025-20293 was published Sep 24, 2025
CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php. Moderate Unreviewed
CVE-2025-55910 was published Sep 22, 2025
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local... High Unreviewed
CVE-2025-0032 was published Sep 6, 2025
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade... Low Unreviewed
CVE-2024-21977 was published Sep 5, 2025
Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute... High Unreviewed
CVE-2025-43711 was published Jul 5, 2025
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make... Moderate Unreviewed
CVE-2025-38177 was published Jul 4, 2025
An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before &... Low Unreviewed
CVE-2023-29184 was published Jun 10, 2025
In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab-... High Unreviewed
CVE-2025-37908 was published May 20, 2025
Apache Tomcat Denial of Service via invalid HTTP priority header Moderate
CVE-2025-31650 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 28, 2025
amita-seal Credited to amita-seal
A denial of service vulnerability exists in the NetX Component HTTP server functionality of... Moderate Unreviewed
CVE-2024-50384 was published Apr 2, 2025
A denial of service vulnerability exists in the NetX Component HTTP server functionality of... Moderate Unreviewed
CVE-2024-50385 was published Apr 2, 2025
In the Linux kernel, the following vulnerability has been resolved: net: hns3: make sure ptp... Moderate Unreviewed
CVE-2025-21924 was published Apr 1, 2025
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup... Moderate Unreviewed
CVE-2023-52929 was published Mar 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database