GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
High
GHSA-3prj-6hqw-cm82
was published
for
web-token/jwt-framework
(Composer)
Jun 18, 2026
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
High
CVE-2026-40902
was published
for
phpoffice/phpspreadsheet
(Composer)
Apr 29, 2026
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader
High
CVE-2026-40863
was published
for
phpoffice/phpspreadsheet
(Composer)
Apr 29, 2026
PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling
High
GHSA-788v-5pfp-93ff
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 6, 2026
AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php
High
CVE-2026-33483
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
Uncontrolled Resource Consumption in moodle
High
CVE-2024-25978
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Unauthenticated Craft CMS users can trigger a database backup
High
CVE-2025-68456
was published
for
craftcms/cms
(Composer)
Jan 5, 2026
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
High
GHSA-fqqv-56h5-f57g
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 2, 2025
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2025-48448
was published
for
drupal/admin_audit_trail
(Composer)
Jun 11, 2025
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-g585-crjf-vhwq
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Flooding Server with Thumbnail files
High
CVE-2024-32871
was published
for
pimcore/pimcore
(Composer)
Jun 4, 2024
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-hjx5-v9xg-7h25
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Moodle denial-of-service risk in the draft files area
High
CVE-2021-32476
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High
GHSA-w8gf-g2vq-j2f4
was published
for
amphp/http-client
(Composer)
Apr 3, 2024
DDOS attack on graphql endpoints
High
CVE-2023-28104
was published
for
silverstripe/graphql
(Composer)
Mar 16, 2023
ProTip!
Advisories are also available from the
GraphQL API