Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5;... Critical Unreviewed
CVE-2025-12423 was published Oct 28, 2025
An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers... Moderate Unreviewed
CVE-2025-59462 was published Oct 27, 2025
Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged... Moderate Unreviewed
CVE-2025-48430 was published Oct 23, 2025
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov cr-tk
Credited to emostov and cr-tk
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally. Moderate Unreviewed
CVE-2025-59229 was published Oct 14, 2025
A denial-of-service security issue in the affected product. The security issue stems from a fault... High Unreviewed
CVE-2025-9124 was published Oct 14, 2025
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook High
CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
jake-ciolek crenshaw-dev
blakepettersson
Credited to jake-ciolek, crenshaw-dev, and blakepettersson
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is... High Unreviewed
CVE-2025-55557 was published Sep 25, 2025
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a... High Unreviewed
CVE-2025-55553 was published Sep 25, 2025
CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An... Moderate Unreviewed
CVE-2025-35436 was published Sep 17, 2025
TYPO3 Bookmark Toolbar vulnerable to denial of service Moderate
CVE-2025-59014 was published for typo3/cms-backend (Composer) Sep 9, 2025
Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is... Moderate Unreviewed
CVE-2025-54777 was published Aug 29, 2025
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A... High Unreviewed
CVE-2013-10065 was published Aug 5, 2025
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High
CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025
thevilledev
Credited to thevilledev
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Credited to asareynolds
Multer vulnerable to Denial of Service via unhandled exception from malformed request High
CVE-2025-7338 was published for multer (npm) Jul 17, 2025
ctcpip UlisesGascon
LinusU
Credited to ctcpip, UlisesGascon, and LinusU
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
Credited to finalgamer
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS High
CVE-2025-53366 was published for mcp (pip) Jul 4, 2025
rharang
Credited to rharang
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service High
CVE-2025-53365 was published for mcp (pip) Jul 4, 2025
rharang
Credited to rharang
AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could... High Unreviewed
CVE-2025-44019 was published Jun 12, 2025
AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could... High Unreviewed
CVE-2025-36539 was published Jun 12, 2025
Deserialization vulnerability in the IPC module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2025-48907 was published Jun 6, 2025
Multer vulnerable to Denial of Service via unhandled exception High
CVE-2025-48997 was published for multer (npm) Jun 5, 2025
bjohansebas ctcpip
Markiz9999 UlisesGascon wesleytodd LinusU
Credited to bjohansebas, ctcpip, Markiz9999, UlisesGascon, wesleytodd, and LinusU
quic-go Has Panic in Path Probe Loss Recovery Handling High
CVE-2025-29785 was published for github.com/quic-go/quic-go (Go) Jun 3, 2025
vLLM allows clients to crash the openai server with invalid regex Moderate
CVE-2025-48943 was published for vllm (pip) May 28, 2025
g-eoj russellb
Jason-CKY
Credited to g-eoj, russellb, and Jason-CKY
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database