GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,199 advisories
go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message
High | CVE-2026-22868 was published for github.com/ethereum/go-ethereum (Go) | Jan 13, 2026

Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147.
High | Unreviewed | CVE-2026-0889 was published | Jan 13, 2026

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All...
High | Unreviewed | CVE-2025-40944 was published | Jan 13, 2026

pypdf has possible long runtimes for malformed startxref
Low | CVE-2026-22691 was published for pypdf (pip) | Jan 9, 2026

pypdf has possible long runtimes for missing /Root object with large /Size values
Low | CVE-2026-22690 was published for pypdf (pip) | Jan 9, 2026

An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service...
High | Unreviewed | CVE-2025-67133 was published | Jan 9, 2026

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS)...
High | Unreviewed | CVE-2025-65518 was published | Jan 8, 2026

An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a...
High | Unreviewed | CVE-2025-56424 was published | Jan 8, 2026

An attacker with access to the system's internal network can cause a denial of service on the...
Critical | Unreviewed | CVE-2026-22542 was published | Jan 7, 2026

The massive sending of ICMP requests causes a denial of service on one of the boards from the...
High | Unreviewed | CVE-2026-22541 was published | Jan 7, 2026

The massive sending of ARP requests causes a denial of service on one board of the charger that...
Critical | Unreviewed | CVE-2026-22540 was published | Jan 7, 2026

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos...
High | Unreviewed | CVE-2025-43706 was published | Jan 5, 2026

flagd: Multiple Go Runtime CVEs Impact Security and Availability
High | GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) | Jan 5, 2026

MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation
High | CVE-2026-21452 was published for org.msgpack:msgpack-core (Maven) | Jan 5, 2026

Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
High | CVE-2025-68272 was published for signalk-server (npm) | Jan 2, 2026

An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows...
High | Unreviewed | CVE-2025-66863 was published | Dec 29, 2025

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26...
Low | Unreviewed | CVE-2025-66861 was published | Dec 29, 2025

UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially...
Moderate | Unreviewed | CVE-2025-60458 was published | Dec 29, 2025

libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)
High | CVE-2025-25341 was published for libxmljs (npm) | Dec 26, 2025

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An...
High | Unreviewed | CVE-2025-8065 was published | Dec 20, 2025

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can...
High | Unreviewed | CVE-2025-8872 was published | Dec 16, 2025

Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits
High | GHSA-x732-6j76-qmhm was published for better-auth (npm) | Dec 16, 2025

SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication...
High | Unreviewed | CVE-2023-53873 was published | Dec 15, 2025

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
High | GHSA-5j59-xgg2-r9c4 was published for next (npm) | Dec 12, 2025

Vite Plugin React has a Denial of Service Vulnerability in React Server Components
High | GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) | Dec 12, 2025