Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,973
Erlang
39
GitHub Actions
38
Go
2,626
Maven
5,000+
npm
4,257
NuGet
760
pip
4,051
Pub
12
RubyGems
954
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,036 advisories

Loading
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding... Moderate Unreviewed
CVE-2025-26463 was published Sep 5, 2025
In multiple locations, there is a possible permanent denial of service due to resource exhaustion... Moderate Unreviewed
CVE-2025-26449 was published Sep 5, 2025
In multiple functions of AccountManagerService.java, there is a possible permanent denial of... Moderate Unreviewed
CVE-2025-48542 was published Sep 4, 2025
In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an... Moderate Unreviewed
CVE-2024-40664 was published Sep 4, 2025
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a... Moderate Unreviewed
CVE-2025-26423 was published Sep 4, 2025
Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin High
CVE-2025-43772 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 4, 2025
Denial of service High Unreviewed
CVE-2025-36892 was published Sep 4, 2025
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown... Moderate Unreviewed
CVE-2025-9670 was published Aug 29, 2025
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
feltroidprime
Credited to feltroidprime
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If... Moderate Unreviewed
CVE-2025-29898 was published Aug 29, 2025
In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead... Moderate Unreviewed
CVE-2024-49740 was published Aug 27, 2025
GraphQL Armor Max-Depth Plugin Bypass via fragment caching Moderate
GHSA-224p-v68g-5g8f was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
GraphQL Armor Max-Depth Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-hmfr-rx46-4jx2 was published for @escape.tech/graphql-armor-max-depth (npm) Aug 26, 2025
M0ngi
Credited to M0ngi
Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was... High Unreviewed
CVE-2025-55631 was published Aug 22, 2025
Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video... High Unreviewed
CVE-2025-55634 was published Aug 22, 2025
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2025-9341 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs High
CVE-2025-57751 was published for pyload-ng (pip) Aug 21, 2025
cyjhhh
Credited to cyjhhh
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function... Moderate Unreviewed
CVE-2025-9308 was published Aug 21, 2025
An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated... Moderate Unreviewed
CVE-2025-55521 was published Aug 21, 2025
vllm API endpoints vulnerable to Denial of Service Attacks High
CVE-2025-48956 was published for vllm (pip) Aug 21, 2025
jperezdealgaba russellb
taneem-ibrahim
Credited to jperezdealgaba, russellb, and taneem-ibrahim
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
Credited to galbarnahum, AnatBB, and YanivRL
CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of... Moderate Unreviewed
CVE-2025-8449 was published Aug 20, 2025
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in... High Unreviewed
CVE-2025-55029 was published Aug 19, 2025
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in... Moderate Unreviewed
CVE-2025-55028 was published Aug 19, 2025
'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability... High Unreviewed
CVE-2025-9182 was published Aug 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database