GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10,988 advisories
MLX has Wild Pointer Dereference in load_gguf()
Moderate
CVE-2025-62609
was published
for
mlx
(pip)
Nov 21, 2025
MLX has heap-buffer-overflow in load()
Moderate
CVE-2025-62608
was published
for
mlx
(pip)
Nov 21, 2025
net-imap rubygem vulnerable to possible DoS by memory exhaustion
Moderate
CVE-2025-43857
was published
for
net-imap
(RubyGems)
Apr 28, 2025
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Moderate
CVE-2025-62426
was published
for
vllm
(pip)
Nov 20, 2025
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint
Moderate
CVE-2025-65019
was published
for
astro
(npm)
Nov 19, 2025
Angular vulnerable to Cross-site Scripting
Moderate
CVE-2021-4231
was published
for
@angular/core
(npm)
May 27, 2022
Angular vulnerable to Cross-site Scripting
Moderate
CVE-2020-7676
was published
for
angular
(npm)
Jun 18, 2020
marimo vulnerable to proxy abuse of /mpl/{port}/
Moderate
GHSA-xjv7-6w92-42r7
was published
for
marimo
(pip)
Oct 1, 2025
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
Moderate
CVE-2025-47914
was published
for
golang.org/x/crypto
(Go)
Nov 19, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
Moderate
CVE-2025-65026
was published
for
github.com/esm-dev/esm.sh
(Go)
Nov 19, 2025
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
Moderate
CVE-2025-64765
was published
for
astro
(npm)
Nov 19, 2025
ProTip!
Advisories are also available from the
GraphQL API