Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,058 advisories

Loading
Logrus is vulnerable to DoS when using Entry.Writer() High
CVE-2025-65637 was published for github.com/sirupsen/logrus (Go) Dec 4, 2025
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function Low
CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025
TechPizzaDev
Credited to TechPizzaDev
Grav is vulnerable to a DOS on the admin panel Moderate
CVE-2025-66303 was published for getgrav/grav (Composer) Dec 2, 2025
alix41dsec
Credited to alix41dsec
When reading an HTTP response from a server, if no read amount is specified, the default behavior... Moderate Unreviewed
CVE-2025-13836 was published Dec 1, 2025
BACnet Test Server versions up to and including 1.01 contains a remote denial of service... High Unreviewed
CVE-2020-36872 was published Nov 27, 2025
An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an... High Unreviewed
CVE-2025-51741 was published Nov 25, 2025
body-parser is vulnerable to denial of service when url encoding is used Moderate
CVE-2025-13466 was published for body-parser (npm) Nov 25, 2025
Phillip9587 bjohansebas
UlisesGascon ctcpip sheplu jonchurch
Credited to Phillip9587, bjohansebas, UlisesGascon, ctcpip, sheplu, and jonchurch
pypdf's LZWDecode streams be manipulated to exhaust RAM Moderate
CVE-2025-66019 was published for pypdf (pip) Nov 24, 2025
aydinnyunus stefan6419846
Credited to aydinnyunus and stefan6419846
NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST High
CVE-2025-60638 was published for github.com/free5gc/nssf (Go) Nov 24, 2025
thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS High
CVE-2025-65947 was published for thread-amount (Rust) Nov 21, 2025
jzeuzs
Credited to jzeuzs
HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource... Moderate Unreviewed
CVE-2025-55128 was published Nov 20, 2025
A vulnerability in the web-based management interface of affected products could allow an... High Unreviewed
CVE-2025-37161 was published Nov 18, 2025
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware... Moderate Unreviewed
CVE-2025-6599 was published Nov 18, 2025
Denial-of-service condition in M-Files Server versions before 25.11.15392.1 allows an... High Unreviewed
CVE-2025-11681 was published Nov 17, 2025
Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in... High Unreviewed
CVE-2021-4467 was published Nov 15, 2025
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2... High Unreviewed
CVE-2021-4465 was published Nov 15, 2025
The Epson Stylus SX510W embedded web management service fails to properly handle consecutive... High Unreviewed
CVE-2023-7326 was published Nov 13, 2025
jose2go is vulnerable to a JWT bomb attack through its decode function High
CVE-2025-63811 was published for github.com/dvsekhvalnov/jose2go (Go) Nov 12, 2025
Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3:... Moderate Unreviewed
CVE-2025-27249 was published Nov 11, 2025
In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in... High Unreviewed
CVE-2025-63288 was published Nov 10, 2025
An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows... High Unreviewed
CVE-2025-63560 was published Nov 6, 2025
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution... Moderate Unreviewed
CVE-2025-60753 was published Nov 5, 2025
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem. Mishandling... High Unreviewed
CVE-2025-49494 was published Nov 4, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS... High Unreviewed
CVE-2025-43462 was published Nov 4, 2025
The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS... High Unreviewed
CVE-2025-43424 was published Nov 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database