Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

153 advisories

Filter by severity
All severities
Low
Moderate
High
Critical
Loading
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation Moderate
CVE-2025-66578 was published for robrichards/xmlseclibs (Composer) Dec 8, 2025
d0ge
Credited to d0ge
In Modem, there is a possible system crash due to an uncaught exception. This could lead to... Moderate Unreviewed
CVE-2025-20758 was published Dec 2, 2025
In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to... Moderate Unreviewed
CVE-2025-20754 was published Dec 2, 2025
In Modem, there is a possible system crash due to an uncaught exception. This could lead to... Moderate Unreviewed
CVE-2025-20753 was published Dec 2, 2025
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter High
CVE-2025-66305 was published for getgrav/grav (Composer) Dec 2, 2025
marcelomuldernmmorette
Credited to marcelomulder and nmmorette
On affected platforms running Arista EOS, certain serial console input might result in an... Moderate Unreviewed
CVE-2025-8870 was published Nov 14, 2025
Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5;... Critical Unreviewed
CVE-2025-12423 was published Oct 28, 2025
An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers... Moderate Unreviewed
CVE-2025-59462 was published Oct 27, 2025
Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged... Moderate Unreviewed
CVE-2025-48430 was published Oct 23, 2025
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostovcr-tk
Credited to emostov and cr-tk
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally. Moderate Unreviewed
CVE-2025-59229 was published Oct 14, 2025
A denial-of-service security issue in the affected product. The security issue stems from a fault... High Unreviewed
CVE-2025-9124 was published Oct 14, 2025
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook High
CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 30, 2025
jake-ciolekcrenshaw-dev
blakepettersson
Credited to jake-ciolek, crenshaw-dev, and blakepettersson
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a... High Unreviewed
CVE-2025-55553 was published Sep 25, 2025
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is... High Unreviewed
CVE-2025-55557 was published Sep 25, 2025
CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An... Moderate Unreviewed
CVE-2025-35436 was published Sep 17, 2025
TYPO3 Bookmark Toolbar vulnerable to denial of service Moderate
CVE-2025-59014 was published for typo3/cms-backend (Composer) Sep 9, 2025
Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is... Moderate Unreviewed
CVE-2025-54777 was published Aug 29, 2025
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A... High Unreviewed
CVE-2013-10065 was published Aug 5, 2025
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High
CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025
thevilledev
Credited to thevilledev
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Credited to asareynolds
Multer vulnerable to Denial of Service via unhandled exception from malformed request High
CVE-2025-7338 was published for multer (npm) Jul 17, 2025
ctcpipUlisesGascon
LinusU
Credited to ctcpip, UlisesGascon, and LinusU
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
Credited to finalgamer
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS High
CVE-2025-53366 was published for mcp (pip) Jul 4, 2025
rharang
Credited to rharang
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service High
CVE-2025-53365 was published for mcp (pip) Jul 4, 2025
rharang
Credited to rharang
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database