Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,344 advisories

Loading
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of... Moderate Unreviewed
CVE-2025-33177 was published Oct 14, 2025
A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an... Moderate Unreviewed
CVE-2025-37148 was published Oct 14, 2025
A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently... Moderate Unreviewed
CVE-2025-37139 was published Oct 14, 2025
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability... Moderate Unreviewed
CVE-2025-11635 was published Oct 12, 2025
Authlib : JWE zip=DEF decompression bomb enables DoS Moderate
GHSA-g7f3-828f-7h7m was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, Alnusjaponica, Isotr0py, and DarkLight1337
A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the... Moderate Unreviewed
CVE-2025-11274 was published Oct 5, 2025
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-52867 was published Oct 3, 2025
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for... Moderate Unreviewed
CVE-2025-59403 was published Oct 2, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20370 was published Oct 1, 2025
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer Moderate
CVE-2025-6921 was published for transformers (pip) Sep 23, 2025
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown... Moderate Unreviewed
CVE-2025-4444 was published Sep 18, 2025
CISA Thorium does not rate limit requests to send account verification email messages. A remote... Moderate Unreviewed
CVE-2025-35432 was published Sep 17, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43295 was published Sep 16, 2025
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 mwlik
Credited to imenyoo2 and mwlik
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated... Moderate Unreviewed
CVE-2025-49460 was published Sep 10, 2025
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding... Moderate Unreviewed
CVE-2025-26463 was published Sep 5, 2025
In multiple locations, there is a possible permanent denial of service due to resource exhaustion... Moderate Unreviewed
CVE-2025-26449 was published Sep 5, 2025
In multiple functions of AccountManagerService.java, there is a possible permanent denial of... Moderate Unreviewed
CVE-2025-48542 was published Sep 4, 2025
In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an... Moderate Unreviewed
CVE-2024-40664 was published Sep 4, 2025
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a... Moderate Unreviewed
CVE-2025-26423 was published Sep 4, 2025
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown... Moderate Unreviewed
CVE-2025-9670 was published Aug 29, 2025
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-29898 was published Aug 29, 2025
In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead... Moderate Unreviewed
CVE-2024-49740 was published Aug 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database