Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,762
Maven
5,000+
npm
4,371
NuGet
767
pip
4,141
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

272 advisories

Loading
Nodemailer is vulnerable to DoS through Uncontrolled Recursion Moderate
CVE-2025-14874 was published for nodemailer (npm) Dec 18, 2025
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by... Low Unreviewed
CVE-2025-67899 was published Dec 15, 2025
Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all... High Unreviewed
CVE-2025-59789 was published Dec 1, 2025
node-forge has ASN.1 Unbounded Recursion High
CVE-2025-66031 was published for node-forge (npm) Nov 26, 2025
wodzen
Credited to wodzen
OpenSearch is vulnerable to DoS via complex query_string inputs High
CVE-2025-9624 was published for org.opensearch:opensearch-common (Maven) Nov 25, 2025
RafSobol
Credited to RafSobol
IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain... Moderate Unreviewed
CVE-2025-36158 was published Nov 21, 2025
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to... Low Unreviewed
CVE-2025-11896 was published Oct 17, 2025
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content... High Unreviewed
CVE-2025-54858 was published Oct 15, 2025
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an... Moderate Unreviewed
CVE-2025-33096 was published Oct 12, 2025
When the module renders a Svg file that contains a <pattern> element, it might end up rendering... Critical Unreviewed
CVE-2025-10728 was published Oct 3, 2025
Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply... Moderate Unreviewed
CVE-2025-43718 was published Oct 1, 2025
express-xss-sanitizer has an unbounded recursion depth Moderate
CVE-2025-59364 was published for express-xss-sanitizer (npm) Sep 26, 2025
In the Linux kernel, the following vulnerability has been resolved: powercap: arm_scmi: Remove... Moderate Unreviewed
CVE-2023-53428 was published Sep 18, 2025
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm -... Moderate Unreviewed
CVE-2022-50407 was published Sep 18, 2025
Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth Moderate
GHSA-qhwp-454g-2gv4 was published for express-xss-sanitizer (npm) Sep 15, 2025 withdrawn
cai0duque AhmedAdelFahim
Credited to cai0duque and AhmedAdelFahim
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a... Moderate Unreviewed
CVE-2025-9714 was published Sep 10, 2025
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack... Moderate Unreviewed
CVE-2025-39704 was published Sep 5, 2025
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Credited to xendo
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-24302 was published Aug 12, 2025
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-20025 was published Aug 12, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker... High Unreviewed
CVE-2025-23325 was published Aug 6, 2025
An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an... High Unreviewed
CVE-2025-50420 was published Aug 4, 2025
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service... High Unreviewed
CVE-2025-46206 was published Aug 4, 2025
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix crash... Moderate Unreviewed
CVE-2025-38493 was published Jul 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database