GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

82 advisories

jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
Credited to AlexRomberg
quiche connection ID retirement can trigger an infinite loop High
CVE-2025-7054 was published for quiche (Rust) Aug 7, 2025
Credited to catenacyber
ImageMagick has XMP profile write that triggers hang due to unbounded loop High
CVE-2025-53015 was published for Magick.NET-Q16-AnyCPU (NuGet) Jul 23, 2025
Credited to yosiimich, root-Brainoverflow, jin-156, JungWooJJING, I-mho, T1deSEC, P2GONE, and GAP-dev
GeoServer Infinite Loop Vulnerability in Jiffle process High
CVE-2025-30145 was published for org.geoserver.extension:gs-wps-core (Maven) Jun 10, 2025
Credited to sikeoka
Infinite loop condition in Amazon.IonDotnet High
CVE-2025-3857 was published for Amazon.IonDotnet (NuGet) Apr 21, 2025
SurrealDB CPU exhaustion via custom functions result in total DoS High
GHSA-pxw4-94j3-v9pf was published for surrealdb (Rust) Apr 11, 2025
Credited to cure53
ZenML unauthenticated DoS via Multipart Boundry High
CVE-2024-9340 was published for zenml (pip) Mar 20, 2025
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama_index (pip) Mar 20, 2025
FastChat Uncontrolled Resource Consumption vulnerability High
CVE-2024-10907 was published for fschat (pip) Mar 20, 2025
InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload` High
CVE-2024-10821 was published for InvokeAI (pip) Mar 20, 2025
DB-GPT Uncontrolled Resource Consumption vulnerability High
CVE-2024-10829 was published for dbgpt (pip) Mar 20, 2025
In Azle, calling `setTimer` causes infinite loop of timers High
CVE-2025-29776 was published for azle (npm) Mar 14, 2025
OpenDJ Denial of Service (DoS) using alias loop High
CVE-2025-27497 was published for org.openidentityplatform.opendj:opendj-server-legacy (Maven) Mar 5, 2025
Credited to hannes96
Drupal core Denial of Service High
CVE-2024-11941 was published for drupal/core (Composer) Dec 5, 2024
Aim denial of service vulnerability High
CVE-2024-6227 was published for aim (pip) Jul 8, 2024
Soot Infinite Loop vulnerability High
CVE-2023-46442 was published for org.soot-oss:soot (Maven) May 24, 2024
Ryu Infinite Loop vulnerability High
CVE-2024-34489 was published for ryu (pip) May 5, 2024
Ryu Infinite Loop vulnerability High
CVE-2024-34488 was published for ryu (pip) May 5, 2024
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests High
CVE-2024-30251 was published for aiohttp (pip) May 3, 2024
Credited to bytehope
Denial of Service Vulnerability in Rustls Library High
CVE-2024-32650 was published for rustls (Rust) Apr 19, 2024
Credited to Taowyoo, arai-fortanix, jjfiv, and s-arash
Ryu Infinite Loop vulnerability High
CVE-2024-28732 was published for ryu (pip) Apr 8, 2024
CodeIgniter4 DoS Vulnerability High
CVE-2024-29904 was published for codeigniter4/framework (Composer) Mar 29, 2024
Credited to colethorsen
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function High
CVE-2023-51075 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
Credited to venkkatesh-sekar and chenyan-dfinity
MediaWiki Denial of Service vulnerability High
CVE-2023-45363 was published for mediawiki/core (Composer) Oct 9, 2023
Credited to Rudloff