GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,984 advisories
Denial of Service in node-static
Moderate | GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021

@nubosoftware/node-static failure to catch exception can result in server crash
High | CVE-2025-11149 was published for @nubosoftware/node-static (npm) Sep 30, 2025

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to...
Low | Unreviewed | CVE-2014-2343 was published May 17, 2022

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial...
Moderate | Unreviewed | CVE-2014-2342 was published May 17, 2022

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks
High | CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) Sep 30, 2025

The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for...
Moderate | Unreviewed | CVE-2025-59403 was published Oct 2, 2025

Elasticsearch Uncontrolled Resource Consumption Vulnerability
Moderate | CVE-2024-52979 was published for org.elasticsearch:elasticsearch (Maven) May 1, 2025

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This...
Moderate | Unreviewed | CVE-2025-7074 was published Jul 5, 2025

Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS. This issue...
High | Unreviewed | CVE-2024-11835 was published Dec 13, 2024

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a...
High | Unreviewed | CVE-2023-5157 was published Sep 27, 2023

Finance.js vulnerable to DoS via the seekZero() parameter
High | CVE-2025-56572 was published for financejs (npm) Sep 30, 2025

Uncontrolled Resource Consumption in Spray JSON
Moderate | CVE-2018-18855 was published for io.spray:spray-json_2.10 (Maven) Jun 28, 2022

A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and...
Moderate | Unreviewed | CVE-2025-6365 was published Jun 20, 2025

Regular Expression Denial of Service (ReDoS) in lodash
Moderate | CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022

Regular Expression Denial of Service (ReDoS) in lodash
Moderate | CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of...
High | Unreviewed | CVE-2025-55551 was published Sep 25, 2025

Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings...
High | Unreviewed | CVE-2025-55847 was published Sep 26, 2025

An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set...
High | Unreviewed | CVE-2025-55559 was published Sep 25, 2025

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of...
High | Unreviewed | CVE-2025-55560 was published Sep 25, 2025

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d,...
High | Unreviewed | CVE-2025-55558 was published Sep 25, 2025

An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote...
High | Unreviewed | CVE-2025-57446 was published Sep 25, 2025

apidoc-core is vulnerable to prototype pollution
High | CVE-2025-57317 was published for apidoc-core (npm) Sep 25, 2025

Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity
High | CVE-2025-58451 was published for cattown (npm) Sep 9, 2025

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
High | CVE-2025-59830 was published for rack (RubyGems) Sep 25, 2025

Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
Moderate | CVE-2025-6921 was published for transformers (pip) Sep 23, 2025
ProTip! Advisories are also available from the GraphQL API.