Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,340 advisories

Loading
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability... Moderate Unreviewed
CVE-2025-11635 was published Oct 12, 2025
Authlib : JWE zip=DEF decompression bomb enables DoS Moderate
GHSA-g7f3-828f-7h7m was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, Isotr0py, and DarkLight1337
A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the... Moderate Unreviewed
CVE-2025-11274 was published Oct 5, 2025
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-52867 was published Oct 3, 2025
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for... Moderate Unreviewed
CVE-2025-59403 was published Oct 2, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20370 was published Oct 1, 2025
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer Moderate
CVE-2025-6921 was published for transformers (pip) Sep 23, 2025
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown... Moderate Unreviewed
CVE-2025-4444 was published Sep 18, 2025
CISA Thorium does not rate limit requests to send account verification email messages. A remote... Moderate Unreviewed
CVE-2025-35432 was published Sep 17, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43295 was published Sep 16, 2025
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 mwlik
Credited to imenyoo2 and mwlik
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated... Moderate Unreviewed
CVE-2025-49460 was published Sep 10, 2025
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding... Moderate Unreviewed
CVE-2025-26463 was published Sep 5, 2025
In multiple locations, there is a possible permanent denial of service due to resource exhaustion... Moderate Unreviewed
CVE-2025-26449 was published Sep 5, 2025
In multiple functions of AccountManagerService.java, there is a possible permanent denial of... Moderate Unreviewed
CVE-2025-48542 was published Sep 4, 2025
In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an... Moderate Unreviewed
CVE-2024-40664 was published Sep 4, 2025
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a... Moderate Unreviewed
CVE-2025-26423 was published Sep 4, 2025
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown... Moderate Unreviewed
CVE-2025-9670 was published Aug 29, 2025
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-29898 was published Aug 29, 2025
In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead... Moderate Unreviewed
CVE-2024-49740 was published Aug 27, 2025
GraphQL Armor Max-Depth Plugin Bypass via fragment caching Moderate
GHSA-224p-v68g-5g8f was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-hmfr-rx46-4jx2 was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
M0ngi
Credited to M0ngi
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2025-9341 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database