Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

354 advisories

Loading
MLflow Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-0453 was published for mlflow (pip) Mar 20, 2025
LlamaIndex Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-12910 was published for llama-index (pip) Mar 20, 2025
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode Moderate
CVE-2024-3651 was published for idna (pip) Apr 11, 2024
guidovranken
Credited to guidovranken
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, Alnusjaponica, Isotr0py, and DarkLight1337
Authlib : JWE zip=DEF decompression bomb enables DoS Moderate
GHSA-g7f3-828f-7h7m was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Denial of Service in node-static Moderate
GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021
Elasticsearch Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-52979 was published for org.elasticsearch:elasticsearch (Maven) May 1, 2025
Uncontrolled Resource Consumption in Spray JSON Moderate
CVE-2018-18855 was published for io.spray:spray-json_2.10 (Maven) Jun 28, 2022
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale G-Rath levpachmanov
Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
mitchell-codecov G-Rath
levpachmanov
Credited to mitchell-codecov, G-Rath, and levpachmanov
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer Moderate
CVE-2025-6921 was published for transformers (pip) Sep 23, 2025
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 mwlik
Credited to imenyoo2 and mwlik
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
Yuuki77 dblessing
Credited to Yuuki77 and dblessing
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
GraphQL Armor Max-Depth Plugin Bypass via fragment caching Moderate
GHSA-224p-v68g-5g8f was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-hmfr-rx46-4jx2 was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
M0ngi
Credited to M0ngi
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2025-9341 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
PyPDF's Manipulated FlateDecode streams can exhaust RAM Moderate
CVE-2025-55197 was published for pypdf (pip) Aug 13, 2025
jakiki6 stefan6419846
Credited to jakiki6 and stefan6419846
Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers Moderate
CVE-2025-55152 was published for @oakserver/oak (npm) Aug 12, 2025
dellalibera
Credited to dellalibera
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams Moderate
CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) Jul 10, 2025
fabien-chebel
Credited to fabien-chebel
Apache Tomcat Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-54677 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 17, 2024
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion Moderate
CVE-2025-53012 was published for MaterialX (pip) Jul 31, 2025
suidpit ndaprela
TheZ3ro smaury
Credited to suidpit, ndaprela, TheZ3ro, and smaury
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database