Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
containerd CRI server: Host memory exhaustion through Attach goroutine leak Moderate
CVE-2025-64329 was published for github.com/containerd/containerd (Go) Nov 6, 2025
Wheat2018
Credited to Wheat2018
Liferay Portal and DXP vulnerable to a memory leak Moderate
CVE-2025-43816 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Sep 25, 2025
ImageMagick has a Memory Leak in magick stream Low
CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip YutoIn
iwashiira utshina
Credited to momo-trip, YutoIn, iwashiira, and utshina
Multer vulnerable to Denial of Service via memory leaks from unclosed streams High
CVE-2025-47935 was published for multer (npm) May 19, 2025
ctcpip UlisesGascon
UnlimitedBytes
Credited to ctcpip, UlisesGascon, and UnlimitedBytes
undici Denial of Service attack via bad certificate data Low
CVE-2025-47279 was published for undici (npm) May 15, 2025
styfle mcollina
Credited to styfle and mcollina
Infinispan Potential Out of Memory Error via REST Compare API Buffer API Moderate
CVE-2024-6875 was published for org.infinispan:infinispan-query (Maven) Mar 28, 2025
io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout High
CVE-2025-1634 was published for io.quarkus:quarkus-resteasy (Maven) Feb 26, 2025
r3kumar
Credited to r3kumar
go-crypto-winnative BCryptGenerateSymmetricKey memory leak High
CVE-2025-25199 was published for github.com/microsoft/go-crypto-winnative (Go) Feb 12, 2025
clarkb7
Credited to clarkb7
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call` High
CVE-2024-7884 was published for ic_cdk (Rust) Sep 5, 2024
adamspofford-dfinity
Credited to adamspofford-dfinity
Apache CXF allows unrestricted memory consumption in CXF HTTP clients Moderate
CVE-2024-41172 was published for org.apache.cxf:cxf-rt-transports-http (Maven) Jul 19, 2024
Undertow Missing Release of Memory after Effective Lifetime vulnerability Moderate
CVE-2024-3653 was published for io.undertow:undertow-core (Maven) Jul 9, 2024
jw123023
Credited to jw123023
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows Moderate
CVE-2024-4435 was published for ic-stable-structures (Rust) May 21, 2024
ielashi
Credited to ielashi
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
andrewpollock
Credited to qmuntal, r3kumar, and andrewpollock
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
fetch(url) leads to a memory leak in undici Moderate
CVE-2024-24750 was published for undici (npm) Feb 16, 2024
mcollina
Credited to mcollina
OpenFGA denial of service Moderate
CVE-2024-23820 was published for github.com/openfga/openfga (Go) Jan 26, 2024
tokio-boring vulnerable to resource exhaustion via memory leak Moderate
CVE-2023-6180 was published for tokio-boring (Rust) Dec 5, 2023
ehaydenr
Credited to ehaydenr
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability High
CVE-2023-5954 was published for github.com/hashicorp/vault (Go) Nov 9, 2023
memory leak flaw was found in ruby-magick Moderate
CVE-2023-5349 was published for rmagick (RubyGems) Oct 30, 2023
MsQuic Remote Denial of Service Vulnerability High
CVE-2023-36435 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation Moderate
CVE-2025-27097 was published for @graphql-mesh/runtime (npm) Oct 10, 2023
ardatan khell
Credited to ardatan and khell
CometBFT may duplicate transactions in the mempool's data structures High
CVE-2023-34451 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
otrack
Credited to otrack
CometBFT PeerState JSON serialization deadlock Moderate
CVE-2023-34450 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
mmsqe sergio-mena
Credited to mmsqe and sergio-mena
containerd CRI stream server vulnerable to host memory exhaustion via terminal Moderate
CVE-2022-23471 was published for github.com/containerd/containerd (Go) Dec 7, 2022
Undertow vulnerable to memory exhaustion due to buffer leak High
CVE-2021-3690 was published for io.undertow:undertow-core (Maven) Jul 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database