GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
79 advisories
Logrus is vulnerable to DoS when using Entry.Writer()
High
CVE-2025-65637 was published for github.com/sirupsen/logrus (Go) on Dec 4, 2025
NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST
High
CVE-2025-60638 was published for github.com/free5gc/nssf (Go) on Nov 24, 2025
jose2go is vulnerable to a JWT bomb attack through its decode function
High
CVE-2025-63811 was published for github.com/dvsekhvalnov/jose2go (Go) on Nov 12, 2025
gnark-crypto allows unchecked memory allocation during vector deserialization
High
GHSA-fj2x-735w-74vq was published for github.com/consensys/gnark-crypto (Go) on Oct 30, 2025
OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests
High
CVE-2025-59043 was published for github.com/openbao/openbao (Go) on Oct 17, 2025
Parallax is vulnerable to DoS via malicious p2p message
High
GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) on Oct 10, 2025
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks
High
CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) on Sep 30, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) on Aug 29, 2025
File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing
High
CVE-2025-53893 was published for github.com/filebrowser/filebrowser/v2 (Go) on Jul 16, 2025
Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
High
CVE-2024-12886 was published for github.com/ollama/ollama (Go) on Mar 20, 2025
Goroutine Leak in Abacus SSE Implementation
High
CVE-2025-27421 was published for github.com/jasonlovesdoggo/abacus (Go) on Mar 3, 2025
go-git clients vulnerable to DoS via maliciously crafted Git server replies
High
CVE-2025-21614 was published for github.com/go-git/go-git (Go) on Jan 6, 2025
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) on Dec 19, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm was published for cosmossdk.io/x/tx (Go) on Dec 16, 2024
Podman vulnerable to memory-based denial of service
High
CVE-2024-3056 was published for github.com/containers/podman (Go) on Aug 2, 2024
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
High
CVE-2024-40634 was published for github.com/argoproj/argo-cd (Go) on Jul 22, 2024
go-grpc-compression has a zstd decompression bombing vulnerability
High
GHSA-87m9-rv8p-rgmg was published for github.com/mostynb/go-grpc-compression (Go) on Jun 10, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084 was published for github.com/stacklok/minder (Go) on May 7, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High
CVE-2024-32972 was published for github.com/ethereum/go-ethereum (Go) on May 6, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) on Apr 2, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) on Mar 20, 2024
Denial of service in HashiCorp Consul
High
CVE-2020-25201 was published for github.com/hashicorp/consul (Go) on Jan 31, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
High
CVE-2020-15114 was published for go.etcd.io/etcd (Go) on Jan 31, 2024
Traefik docker container using 100% CPU
High
CVE-2023-47633 was published for github.com/traefik/traefik/v2 (Go) on Dec 5, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High
CVE-2023-47025 was published for github.com/free5gc/free5gc (Go) on Nov 17, 2023