Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

266 advisories

Loading
node-forge has ASN.1 Unbounded Recursion High
CVE-2025-66031 was published for node-forge (npm) Nov 26, 2025
wodzen
Credited to wodzen
OpenSearch is vulnerable to DoS via complex query_string inputs High
CVE-2025-9624 was published for org.opensearch:opensearch-common (Maven) Nov 25, 2025
IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain... Moderate Unreviewed
CVE-2025-36158 was published Nov 21, 2025
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to... Low Unreviewed
CVE-2025-11896 was published Oct 17, 2025
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content... High Unreviewed
CVE-2025-54858 was published Oct 15, 2025
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an... Moderate Unreviewed
CVE-2025-33096 was published Oct 12, 2025
When the module renders a Svg file that contains a <pattern> element, it might end up rendering... Critical Unreviewed
CVE-2025-10728 was published Oct 3, 2025
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply... Moderate Unreviewed
CVE-2025-43718 was published Oct 1, 2025
express-xss-sanitizer has an unbounded recursion depth Moderate
CVE-2025-59364 was published for express-xss-sanitizer (npm) Sep 26, 2025
Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth Moderate
GHSA-qhwp-454g-2gv4 was published for express-xss-sanitizer (npm) Sep 15, 2025 withdrawn
cai0duque AhmedAdelFahim
Credited to cai0duque and AhmedAdelFahim
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a... Moderate Unreviewed
CVE-2025-9714 was published Sep 10, 2025
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack... Moderate Unreviewed
CVE-2025-39704 was published Sep 5, 2025
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Credited to xendo
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-24302 was published Aug 12, 2025
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-20025 was published Aug 12, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker... High Unreviewed
CVE-2025-23325 was published Aug 6, 2025
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service... High Unreviewed
CVE-2025-46206 was published Aug 4, 2025
An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an... High Unreviewed
CVE-2025-50420 was published Aug 4, 2025
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix crash... Moderate Unreviewed
CVE-2025-38493 was published Jul 28, 2025
Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing Low
GHSA-j87p-gjr6-m4pv was published for serde-json-wasm (Rust) Jul 27, 2025 withdrawn
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs Moderate
CVE-2025-48924 was published for commons-lang:commons-lang (Maven) Jul 11, 2025
Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON Moderate
CVE-2025-53864 was published for com.nimbusds:nimbus-jose-jwt (Maven) Jul 11, 2025
phrabec vtintillier
Credited to phrabec and vtintillier
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check... Moderate Unreviewed
CVE-2025-38315 was published Jul 10, 2025
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing Moderate
CVE-2025-5472 was published for llama-index-core (pip) Jul 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database