Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

891 advisories

Loading
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session High
CVE-2025-3526 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Jun 16, 2025
Liferay Portal does not limit the depth of a GraphQL queries High
CVE-2025-3602 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Jun 16, 2025
taro-css-to-react-native Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5896 was published for taro-css-to-react-native (npm) Jun 9, 2025
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability Moderate
CVE-2025-5897 was published for @vue/cli-plugin-pwa (npm) Jun 9, 2025
brace-expansion Regular Expression Denial of Service vulnerability Low
CVE-2025-5889 was published for brace-expansion (npm) Jun 9, 2025
turi4200 carboneater
viceice
pm2 Regular Expression Denial of Service vulnerability Low
CVE-2025-5891 was published for pm2 (npm) Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25208 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25207 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Ackites KillWxapkg Zip Bomb Resource Exhaustion Low
CVE-2025-5031 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
Meteor Affected By Inefficient Regular Expression Complexity Moderate
CVE-2025-4727 was published for meteor (npm) May 16, 2025
LlamaIndex Vulnerable to Denial of Service (DoS) High
CVE-2025-1752 was published for llama-index (pip) May 10, 2025
Apache Commons Configuration Uncontrolled Resource Consumption Low
CVE-2025-46392 was published for commons-configuration:commons-configuration (Maven) May 9, 2025
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit High
CVE-2025-1948 was published for org.eclipse.jetty.http2:jetty-http2-common (Maven) May 8, 2025
bjorncs
Rack has an Unbounded-Parameter DoS in Rack::QueryParser High
CVE-2025-46727 was published for rack (RubyGems) May 8, 2025
TaiPhung217 jeremyevans
ioquatix
Linkerd resource exhaustion vulnerability Moderate
CVE-2025-43915 was published for github.com/linkerd/linkerd2 (Go) May 5, 2025
ericd
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Masamuneee nevans
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3986 was published for org.apereo.cas:cas-server-core-configuration-metadata-repository (Maven) Apr 27, 2025
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-733v-p3h5-qpq7 was published for @escape.tech/graphql-armor-cost-limit (npm) Apr 25, 2025
M0ngi EvertEt
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion Moderate
CVE-2024-52981 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
AnonySE26
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function Moderate
CVE-2024-52980 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
AnonySE26
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form High
CVE-2025-30160 was published for redlib (Rust) Mar 21, 2025
Tokarak
Aim Uncontrolled Resource Consumption vulnerability High
CVE-2025-0189 was published for aim (pip) Mar 20, 2025
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability High
GHSA-5ccf-884p-4jjq was published for open-webui (npm) Mar 20, 2025
ZenML unauthenticated DoS via Multipart Boundry High
CVE-2024-9340 was published for zenml (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database