GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
28,656 advisories
pypdf's LZWDecode streams be manipulated to exhaust RAM
Moderate
CVE-2025-66019
was published
for
pypdf
(pip)
Nov 24, 2025
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Moderate
CVE-2025-65956
was published
for
getformwork/formwork
(Composer)
Nov 24, 2025
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation
High
CVE-2025-64761
was published
for
github.com/openbao/openbao
(Go)
Nov 24, 2025
new-api is vulnerable to SSRF Bypass
High
CVE-2025-62155
was published
for
github.com/QuantumNous/new-api
(Go)
Nov 24, 2025
thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS
High
CVE-2025-65947
was published
for
thread-amount
(Rust)
Nov 21, 2025
MLX has Wild Pointer Dereference in load_gguf()
Moderate
CVE-2025-62609
was published
for
mlx
(pip)
Nov 21, 2025
MLX has heap-buffer-overflow in load()
Moderate
CVE-2025-62608
was published
for
mlx
(pip)
Nov 21, 2025
Grafana Incorrect Privilege Assignment vulnerability
Critical
CVE-2025-41115
was published
for
github.com/grafana/grafana
(Go)
Nov 21, 2025
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Moderate
CVE-2025-62426
was published
for
vllm
(pip)
Nov 20, 2025
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
High
CVE-2025-62372
was published
for
vllm
(pip)
Nov 20, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE
High
CVE-2025-62164
was published
for
vllm
(pip)
Nov 20, 2025
ProTip!
Advisories are also available from the
GraphQL API