Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
pdfmake is vulnerable to Throttling via repeatedly redirecting URL in file embedding High
CVE-2025-11362 was published for pdfmake (npm) Oct 7, 2025
jeran-urban
Credited to jeran-urban
Finance.js vulnerable to DoS via the IRR function’s depth parameter High
CVE-2025-56571 was published for financejs (npm) Sep 30, 2025
Finance.js vulnerable to DoS via the seekZero() parameter High
CVE-2025-56572 was published for financejs (npm) Sep 30, 2025
Axios is vulnerable to DoS attack through lack of data size check High
CVE-2025-58754 was published for axios (npm) Sep 11, 2025
AmeerAssadi FeBe95
Credited to AmeerAssadi and FeBe95
Hono has Body Limit Middleware Bypass Moderate
CVE-2025-59139 was published for hono (npm) Sep 12, 2025
imenyoo2 mwlik
Credited to imenyoo2 and mwlik
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (RubyGems) Jul 15, 2020
mitchell-codecov jkmartindale
bengry greengeko tompazourek G-Rath
Credited to mitchell-codecov, jkmartindale, bengry, greengeko, tompazourek, and G-Rath
Withdrawn Advisory: microlight allows a denial of service Low
CVE-2025-45526 was published for microlight (npm) Jun 17, 2025 withdrawn
Qix-
Credited to Qix-
image-size Denial of Service via Infinite Loop during Image Processing High
GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) Apr 2, 2025
dellalibera TheFrankemon
Credited to dellalibera and TheFrankemon
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation Moderate
GHSA-733v-p3h5-qpq7 was published for @escape.tech/graphql-armor-cost-limit (npm) Apr 25, 2025
M0ngi EvertEt
Credited to M0ngi and EvertEt
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32030 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32031 was published for @apollo/gateway (npm) Apr 7, 2025
Open WebUI Uncontrolled Resource Consumption vulnerability High
CVE-2024-12537 was published for open-webui (npm) Mar 20, 2025
Directus's S3 assets become unavailable after a burst of malformed transformations Moderate
CVE-2025-30225 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela
Credited to joselcvarela
Directus's S3 assets become unavailable after a burst of HEAD requests Moderate
CVE-2025-30350 was published for @directus/storage-driver-s3 (npm) Mar 26, 2025
joselcvarela
Credited to joselcvarela
jsPDF Bypass Regular Expression Denial of Service (ReDoS) High
CVE-2025-29907 was published for jspdf (npm) Mar 18, 2025
Unlimited consumption of resources in @fastify/multipart High
CVE-2025-24033 was published for @fastify/multipart (npm) Jan 23, 2025
Next.js Allows a Denial of Service (DoS) with Server Actions Moderate
CVE-2024-56332 was published for next (npm) Jan 3, 2025
gnoff ztanner
eps1lon
Credited to gnoff, ztanner, and eps1lon
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk SuperMaxine
MikuroXina
Credited to mariancorneci-snyk, SuperMaxine, and MikuroXina
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability Moderate
CVE-2021-29057 was published for node-worker-threads-pool (npm) Aug 11, 2023
nalandial
Credited to nalandial
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
rynop tdunlap607
ziviseal
Credited to rynop, tdunlap607, and ziviseal
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
Credited to scgajge12, derrickmehaffy, innerdvations, and alexandrebodin
Allocation of Resources Without Limits or Throttling in vriteio/vrite Moderate
CVE-2023-5573 was published for @vrite/sdk (npm) Oct 13, 2023
OpenZeppelin Contracts ERC165Checker unbounded gas consumption Moderate
CVE-2022-35915 was published for @openzeppelin/contracts (npm) Aug 14, 2022
NocoDB vulnerable to Denial of Service Moderate
CVE-2022-3423 was published for nocodb (npm) Oct 7, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database