Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg
Credited to AlexRomberg
quiche connection ID retirement can trigger an infinite loop High
CVE-2025-7054 was published for quiche (Rust) Aug 7, 2025
catenacyber
Credited to catenacyber
Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp Low
GHSA-g97w-mw7g-v3jv was published for sequoia-openpgp (Rust) Jul 27, 2025 withdrawn
ImageMagick has XMP profile write that triggers hang due to unbounded loop High
CVE-2025-53015 was published for Magick.NET-Q16-AnyCPU (NuGet) Jul 23, 2025
yosiimich root-Brainoverflow
jin-156 JungWooJJING I-mho T1deSEC P2GONE GAP-dev
Credited to yosiimich, root-Brainoverflow, jin-156, JungWooJJING, I-mho, T1deSEC, P2GONE, and GAP-dev
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint Moderate
CVE-2025-48879 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi
Credited to jacopotediosi
GeoServer Infinite Loop Vulnerability in Jiffle process High
CVE-2025-30145 was published for org.geoserver.extension:gs-wps-core (Maven) Jun 10, 2025
sikeoka
Credited to sikeoka
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
SurrealDB CPU exhaustion via custom functions result in total DoS High
GHSA-pxw4-94j3-v9pf was published for surrealdb (Rust) Apr 11, 2025
cure53
Credited to cure53
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation Moderate
CVE-2025-32029 was published for @apeleghq/asn1-der (npm) Apr 7, 2025
ZenML unauthenticated DoS via Multipart Boundry High
CVE-2024-9340 was published for zenml (pip) Mar 20, 2025
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama_index (pip) Mar 20, 2025
FastChat Uncontrolled Resource Consumption vulnerability High
CVE-2024-10907 was published for fschat (pip) Mar 20, 2025
DB-GPT Uncontrolled Resource Consumption vulnerability High
CVE-2024-10829 was published for dbgpt (pip) Mar 20, 2025
InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload` High
CVE-2024-10821 was published for InvokeAI (pip) Mar 20, 2025
In Azle, calling `setTimer` causes infinite loop of timers High
CVE-2025-29776 was published for azle (npm) Mar 14, 2025
OpenDJ Denial of Service (DoS) using alias loop High
CVE-2025-27497 was published for org.openidentityplatform.opendj:opendj-server-legacy (Maven) Mar 5, 2025
hannes96
Credited to hannes96
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify Moderate
CVE-2025-23221 was published for @fedify/fedify (npm) Jan 21, 2025
nnfrog
Credited to nnfrog
Predictable results in nanoid generation when given non-integer values Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski katzj
CrzyHAX91
Credited to krassowski, katzj, and CrzyHAX91
Drupal core Denial of Service High
CVE-2024-11941 was published for drupal/core (Composer) Dec 5, 2024
Infinite loop in github.com/gomarkdown/markdown Moderate
CVE-2024-44337 was published for github.com/gomarkdown/markdown (Go) Oct 15, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack Low
CVE-2024-45395 was published for github.com/sigstore/sigstore-go (Go) Sep 4, 2024
AdamKorcz codysoyland
Credited to AdamKorcz and codysoyland
zipp Denial of Service vulnerability Moderate
CVE-2024-5569 was published for zipp (pip) Jul 9, 2024
Aim denial of service vulnerability High
CVE-2024-6227 was published for aim (pip) Jul 8, 2024
Low severity (DoS) vulnerability in sequoia-openpgp Low
CVE-2024-58261 was published for sequoia-openpgp (Rust) Jun 26, 2024
Soot Infinite Loop vulnerability High
CVE-2023-46442 was published for org.soot-oss:soot (Maven) May 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database