Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,558
Maven
5,000+
npm
4,232
NuGet
751
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,984 advisories

Loading
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of... Moderate Unreviewed
CVE-2025-33177 was published Oct 14, 2025
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to... High Unreviewed
CVE-2025-60536 was published Oct 14, 2025
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized... High Unreviewed
CVE-2025-59502 was published Oct 14, 2025
A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an... Moderate Unreviewed
CVE-2025-37148 was published Oct 14, 2025
A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently... Moderate Unreviewed
CVE-2025-37139 was published Oct 14, 2025
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability... Moderate Unreviewed
CVE-2025-11635 was published Oct 12, 2025
Parallax is vulnerable to DoS via malicious p2p message High
GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) Oct 10, 2025
Authlib : JWE zip=DEF decompression bomb enables DoS Moderate
GHSA-g7f3-828f-7h7m was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Sinatra is vulnerable to ReDoS through ETag header value generation Low
CVE-2025-61921 was published for sinatra (RubyGems) Oct 10, 2025
dentarg
Credited to dentarg
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing High
CVE-2025-61919 was published for rack (RubyGems) Oct 10, 2025
Pirikara jeremyevans
ioquatix
Credited to Pirikara, jeremyevans, and ioquatix
Amazon.IonDotnet is vulnerable to Denial of Service attacks High
CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025
An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM)... High Unreviewed
CVE-2025-52961 was published Oct 9, 2025
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks... High Unreviewed
CVE-2025-59975 was published Oct 9, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, Alnusjaponica, Isotr0py, and DarkLight1337
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) High
CVE-2025-61772 was published for rack (RubyGems) Oct 7, 2025
kwkr jeremyevans
ioquatix
Credited to kwkr, jeremyevans, and ioquatix
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) High
CVE-2025-61771 was published for rack (RubyGems) Oct 7, 2025
kwkr jeremyevans
ioquatix
Credited to kwkr, jeremyevans, and ioquatix
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) High
CVE-2025-61770 was published for rack (RubyGems) Oct 7, 2025
kwkr ioquatix
jeremyevans
Credited to kwkr, ioquatix, and jeremyevans
A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the... Moderate Unreviewed
CVE-2025-11274 was published Oct 5, 2025
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-52867 was published Oct 3, 2025
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a... High Unreviewed
CVE-2025-55972 was published Oct 3, 2025
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for... Moderate Unreviewed
CVE-2025-59403 was published Oct 2, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20370 was published Oct 1, 2025
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks High
CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) Sep 30, 2025
Hellobloc
Credited to Hellobloc
Finance.js vulnerable to DoS via the IRR function’s depth parameter High
CVE-2025-56571 was published for financejs (npm) Sep 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database