Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,970
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack Moderate
CVE-2025-46730 was published for mobsf (pip) May 5, 2025
ssshah2131
IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of... Moderate Unreviewed
CVE-2024-55909 was published May 2, 2025
This vulnerability allows any authenticated user to cause the server to consume very large... Moderate Unreviewed
CVE-2025-32949 was published Apr 15, 2025
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a... Moderate Unreviewed
CVE-2025-0986 was published Mar 28, 2025
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio nevans
Mattermost Data Amplification vulnerability Moderate
CVE-2024-54682 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13... Moderate Unreviewed
CVE-2024-1947 was published May 23, 2024
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) Moderate
CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) Mar 7, 2024
zer0yu chenjj
hectorj2f vrv7567
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits Moderate
CVE-2024-28101 was published for apollo-router (Rust) Mar 6, 2024
IvanGoncharov Geal
peakematt
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb Moderate
CVE-2023-26483 was published for github.com/russellhaering/gosaml2 (Go) Mar 2, 2023
nszetei
Data Amplification in HashiCorp go-getter Moderate
CVE-2023-0475 was published for github.com/hashicorp/go-getter (Go) Feb 16, 2023
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database