GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Chall-Manager's scenario decoding process does not check for zip bombs High
CVE-2025-53633 was published for github.com/ctfer-io/chall-manager (Go) Jul 10, 2025
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack Moderate
CVE-2025-46730 was published for mobsf (pip) May 5, 2025
ssshah2131
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing High
CVE-2024-7765 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Apache Seata Vulnerable to Data Amplification Low
CVE-2024-54016 was published for org.apache.seata:seata-parent (Maven) Mar 20, 2025
Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter High
CVE-2025-30153 was published for github.com/getkin/kin-openapi (Go) Mar 19, 2025
blotus dwertent
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio nevans
Mattermost Data Amplification vulnerability Moderate
CVE-2024-54682 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 16, 2024
.NET Denial of Service Vulnerability High
CVE-2024-43499 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
yusuke-koyoshi
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability High
GHSA-wmm6-pgp8-29hg was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 withdrawn
Duplicate Advisory: Scrapy decompression bomb vulnerability High
GHSA-rmqv-7v3j-mr7p was published for scrapy (pip) Apr 16, 2024 withdrawn
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) Moderate
CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) Mar 7, 2024
zer0yu chenjj
hectorj2f vrv7567
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits Moderate
CVE-2024-28101 was published for apollo-router (Rust) Mar 6, 2024
IvanGoncharov Geal
peakematt
Scrapy decompression bomb vulnerability High
CVE-2024-3572 was published for scrapy (pip) Feb 16, 2024
dmandefy
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb Moderate
CVE-2023-26483 was published for github.com/russellhaering/gosaml2 (Go) Mar 2, 2023
nszetei
Data Amplification in HashiCorp go-getter Moderate
CVE-2023-0475 was published for github.com/hashicorp/go-getter (Go) Feb 16, 2023
Pillow vulnerable to Data Amplification attack. High
CVE-2022-45198 was published for pillow (pip) Nov 14, 2022
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018