GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
28 advisories
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication...
High • Unreviewed • CVE-2026-10143 was published Jun 11, 2026
Logic bypass vulnerability in the file system. Impact: Successful exploitation of this...
Low • Unreviewed • CVE-2026-41986 was published Jun 9, 2026
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS...
Moderate • Unreviewed • CVE-2026-27145 was published Jun 3, 2026
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad...
Moderate • Unreviewed • CVE-2026-5950 was published May 20, 2026
A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables...
Moderate • Unreviewed • CVE-2026-0243 was published May 13, 2026
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger...
High • Unreviewed • CVE-2026-39820 was published May 7, 2026
Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before...
Moderate • Unreviewed • CVE-2026-41606 was published Apr 28, 2026
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the...
High • Unreviewed • CVE-2026-1519 was published Mar 25, 2026
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to...
Moderate • Unreviewed • CVE-2019-25624 was published Mar 23, 2026
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated...
High • Unreviewed • CVE-2026-27689 was published Mar 10, 2026
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated...
High • Unreviewed • CVE-2026-23689 was published Feb 10, 2026
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS)...
High • Unreviewed • CVE-2025-65518 was published Jan 8, 2026
Liferay Portal has unchecked input for loop condition vulnerability in XML-RPC
Moderate • CVE-2025-43801 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Sep 16, 2025
SAP Business Planning and Consolidation allows an authenticated standard user to call a function...
Moderate • Unreviewed • CVE-2025-42930 was published Sep 9, 2025
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session...
High • Unreviewed • CVE-2024-13931 was published May 22, 2025
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume...
Moderate • Unreviewed • CVE-2024-13930 was published May 22, 2025
An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an...
Moderate • Unreviewed • CVE-2025-32399 was published May 7, 2025
.NET Denial of Service Vulnerability
High • CVE-2024-43499 was published for System.Formats.Nrbf (NuGet) Nov 12, 2024
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability
High • GHSA-wmm6-pgp8-29hg was published for System.Formats.Nrbf (NuGet) Nov 12, 2024 • withdrawn
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling...
Moderate • Unreviewed • CVE-2024-8508 was published Oct 3, 2024
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary...
Moderate • Unreviewed • CVE-2024-4603 was published May 16, 2024
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact...
Moderate • Unreviewed • CVE-2023-6237 was published Apr 25, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate • CVE-2024-28244 was published for katex (npm) Mar 25, 2024
KaTeX's maxExpand bypassed by `\edef`
Moderate • CVE-2024-28243 was published for katex (npm) Mar 25, 2024