GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,351 advisories
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can...
High, Unreviewed. CVE-2025-14299 was published Dec 20, 2025

Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
Moderate. CVE-2025-68390 was published for org.elasticsearch.plugin:x-pack-core (Maven), Dec 19, 2025

Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
Moderate. CVE-2025-68384 was published for org.elasticsearch.plugin:x-pack-security (Maven), Dec 19, 2025

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low...
Moderate, Unreviewed. CVE-2025-68389 was published Dec 19, 2025

Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments
High. CVE-2025-68388 was published for github.com/elastic/beats (Go), Dec 19, 2025

A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus...
Moderate, Unreviewed. CVE-2025-14466 was published Dec 17, 2025

Expr has Denial of Service via Unbounded Recursion in Builtin Functions
High. CVE-2025-68156 was published for github.com/expr-lang/expr (Go), Dec 16, 2025

Servify-express rate limit issue
High. CVE-2025-67731 was published for servify-express (npm), Dec 11, 2025

quic-go HTTP/3 QPACK Header Expansion DoS
Moderate. CVE-2025-64702 was published for github.com/quic-go/quic-go (Go), Dec 11, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18...
Moderate, Unreviewed. CVE-2025-14157 was published Dec 11, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6,...
Moderate, Unreviewed. CVE-2025-4097 was published Dec 11, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6,...
High, Unreviewed. CVE-2025-12562 was published Dec 11, 2025

XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
High. CVE-2025-66473 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven), Dec 10, 2025

A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface...
High, Unreviewed. CVE-2025-9368 was published Dec 9, 2025

A low privileged remote attacker can use the ssh feature to execute commands directly after login...
Moderate, Unreviewed. CVE-2025-41693 was published Dec 9, 2025

A low privileged remote attacker can run the webshell with an empty command containing whitespace...
Moderate, Unreviewed. CVE-2025-41694 was published Dec 9, 2025

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service...
Moderate, Unreviewed. CVE-2025-36140 was published Dec 9, 2025

In multiple locations, there is a possible permanent denial of service due to resource exhaustion...
Moderate, Unreviewed. CVE-2025-48569 was published Dec 8, 2025

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service...
High, Unreviewed. CVE-2025-48631 was published Dec 8, 2025

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due...
Moderate, Unreviewed. CVE-2025-48603 was published Dec 8, 2025

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence...
High, Unreviewed. CVE-2025-48615 was published Dec 8, 2025

urllib3 allows an unbounded number of links in the decompression chain
High. CVE-2025-66418 was published for urllib3 (pip), Dec 5, 2025

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity...
High, Unreviewed. CVE-2025-12385 was published Dec 3, 2025

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to...
Moderate, Unreviewed. CVE-2025-63402 was published Dec 3, 2025

Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local...
Low, Unreviewed. CVE-2025-13751 was published Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API.