Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,979 advisories

Loading
Sinatra is vulnerable to ReDoS through ETag header value generation Low
CVE-2025-61921 was published for sinatra (RubyGems) Oct 10, 2025
dentarg
Credited to dentarg
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing High
CVE-2025-61919 was published for rack (RubyGems) Oct 10, 2025
Pirikara jeremyevans
ioquatix
Credited to Pirikara, jeremyevans, and ioquatix
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) High
CVE-2025-61772 was published for rack (RubyGems) Oct 7, 2025
kwkr jeremyevans
ioquatix
Credited to kwkr, jeremyevans, and ioquatix
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) High
CVE-2025-61771 was published for rack (RubyGems) Oct 7, 2025
kwkr jeremyevans
ioquatix
Credited to kwkr, jeremyevans, and ioquatix
Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) High
CVE-2025-61770 was published for rack (RubyGems) Oct 7, 2025
kwkr ioquatix
jeremyevans
Credited to kwkr, ioquatix, and jeremyevans
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability... Moderate Unreviewed
CVE-2025-11635 was published Oct 12, 2025
Parallax is vulnerable to DoS via malicious p2p message High
GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) Oct 10, 2025
Authlib : JWE zip=DEF decompression bomb enables DoS Moderate
GHSA-g7f3-828f-7h7m was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Denial of service in jackson-dataformat-toml High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-toml (Maven) Aug 8, 2023
Mochis ryanmurf
Credited to Mochis and ryanmurf
Amazon.IonDotnet is vulnerable to Denial of Service attacks High
CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025
An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM)... High Unreviewed
CVE-2025-52961 was published Oct 9, 2025
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks... High Unreviewed
CVE-2025-59975 was published Oct 9, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20370 was published Oct 1, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
feltroidprime
Credited to feltroidprime
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-52867 was published Oct 3, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, Isotr0py, and DarkLight1337
Finance.js vulnerable to DoS via the IRR function’s depth parameter High
CVE-2025-56571 was published for financejs (npm) Sep 30, 2025
A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the... Moderate Unreviewed
CVE-2025-11274 was published Oct 5, 2025
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a... High Unreviewed
CVE-2025-55972 was published Oct 3, 2025
Denial of Service in node-static Moderate
GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021
@nubosoftware/node-static failure to catch exception can result in server crash High
CVE-2025-11149 was published for @nubosoftware/node-static (npm) Sep 30, 2025
lirantal
Credited to lirantal
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to... Low Unreviewed
CVE-2014-2343 was published May 17, 2022
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial... Moderate Unreviewed
CVE-2014-2342 was published May 17, 2022
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks High
CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) Sep 30, 2025
Hellobloc
Credited to Hellobloc
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database