GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27 advisories

ProcessWire CMS vulnerable to resource-exhaustion Denial of Service
Moderate
CVE-2025-60790 was published for processwire/processwire (Composer) Oct 21, 2025

Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Moderate
GHSA-pmxp-7224-h794 was published for typo3/cms (Composer) Jun 4, 2024

SilverStripe framework XML Quadratic Blowup Attack
Moderate
GHSA-g43w-98wp-m694 was published for silverstripe/framework (Composer) May 23, 2024

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024

Slow String Operations via MultiPart Requests in Event-Driven Functions
Moderate
CVE-2024-29186 was published for bref/bref (Composer) Mar 22, 2024

phpseclib a large prime can cause a denial of service
High
CVE-2024-27354 was published for phpseclib/phpseclib (Composer) Mar 2, 2024

phpseclib does not properly limit the ASN1 OID length
High
CVE-2024-27355 was published for phpseclib/phpseclib (Composer) Mar 2, 2024

Uncontrolled Resource Consumption in moodle
High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024

Magento Open Source allows Uncontrolled Resource Consumption
Moderate
CVE-2024-20716 was published for magento/community-edition (Composer) Feb 15, 2024

Bref's Uploaded Files Not Deleted in Event-Driven Functions
Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024

phpseclib vulnerable to denial of service
High
CVE-2023-49316 was published for phpseclib/phpseclib (Composer) Nov 27, 2023

pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Moderate
GHSA-w98g-5fmx-wm4x was published for pocketmine/raklib (Composer) Nov 15, 2023

Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
High
CVE-2023-40180 was published for silverstripe/graphql (Composer) Oct 17, 2023

Magento Open Source allows Uncontrolled Resource Consumption
Moderate
CVE-2023-38251 was published for magento/community-edition (Composer) Oct 13, 2023

PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Moderate
GHSA-42qm-8v8m-m78c was published for pocketmine/pocketmine-mp (Composer) Jun 1, 2023

ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
Moderate
CVE-2023-26044 was published for react/http (Composer) May 17, 2023

Moodle vulnerable to Uncontrolled Resource Consumption
High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023

Moodle Client side denial of service via personal message
Moderate
CVE-2021-20185 was published for moodle/moodle (Composer) May 24, 2022

Moodle Denial of Service
High
CVE-2020-25630 was published for moodle/moodle (Composer) May 24, 2022

Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
High
CVE-2019-12473 was published for mediawiki/core (Composer) May 24, 2022

DOMPDF denial of service vulnerability
Moderate
CVE-2014-5012 was published for dompdf/dompdf (Composer) May 17, 2022

FriendsOfSymfony FOSUserBundle denial of service via login form
Moderate
CVE-2013-5750 was published for friendsofsymfony/user-bundle (Composer) May 17, 2022

PHP OpenID Library Denial of Service vulnerability
High
CVE-2013-4701 was published for openid/php-openid (Composer) May 17, 2022

phpMyAdmin Denial Of Service (DOS) attack
High
CVE-2016-5706 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

Moodle denial-of-service risk in the draft files area
High
CVE-2021-32476 was published for moodle/moodle (Composer) Mar 12, 2022

ProTip! Advisories are also available from the GraphQL API.