GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
164,177 advisories
Filter by severity
Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the...
Moderate
Unreviewed
CVE-2026-63308
was published
Jul 17, 2026
SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing...
Moderate
Unreviewed
CVE-2026-63309
was published
Jul 17, 2026
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate
Unreviewed
CVE-2026-15007
was published
Jul 17, 2026
Keycloak provides a mechanism called Client Policies to enforce security requirements on clients,...
Moderate
Unreviewed
CVE-2026-16093
was published
Jul 17, 2026
A flaw was found in the authentication configuration endpoint of the keycloak-services component,...
Moderate
Unreviewed
CVE-2026-16104
was published
Jul 17, 2026
A flaw was found in the default-groups REST endpoint and realm representation of Keycloak. This...
Moderate
Unreviewed
CVE-2026-16108
was published
Jul 17, 2026
A flaw was found in the keycloak-services component of Keycloak. This issue is an incomplete fix...
Moderate
Unreviewed
CVE-2026-16103
was published
Jul 17, 2026
HCL DevOps Loop is affected by a Cross-Origin Resource Sharing (CORS) misconfiguration. Improper...
Moderate
Unreviewed
CVE-2026-21761
was published
Jul 17, 2026
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate
Unreviewed
CVE-2026-15783
was published
Jul 17, 2026
Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering...
Moderate
Unreviewed
CVE-2026-11763
was published
Jul 17, 2026
TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that...
Moderate
Unreviewed
CVE-2026-63098
was published
Jul 17, 2026
Skipper: Unbounded Request Body Read in Admission Webhook Causes Memory Exhaustion DoS
Moderate
CVE-2026-54247
was published
for
github.com/zalando/skipper
(Go)
Jul 17, 2026
vLLM: Speech-to-text upload size limit is enforced after full UploadFile read
Moderate
CVE-2026-55646
was published
for
vllm
(pip)
Jul 17, 2026
sanic-cors contains an improper regular expression in the try_match() function
Moderate
CVE-2026-37737
was published
for
sanic-cors
(pip)
Jun 5, 2026
vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models
Moderate
CVE-2026-34760
was published
for
vllm
(pip)
Jul 17, 2026
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
Moderate
CVE-2026-8814
was published
for
exifreader
(npm)
May 29, 2026
vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
Moderate
CVE-2026-54235
was published
for
vllm
(pip)
Jun 17, 2026
vLLM: OOM Denial of Service via Audio Decompression Bomb
Moderate
CVE-2026-54233
was published
for
vllm
(pip)
Jun 17, 2026
vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations
Moderate
CVE-2026-12491
was published
for
vllm
(pip)
Jun 17, 2026
vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Moderate
CVE-2026-47155
was published
for
vllm
(pip)
Jun 10, 2026
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Moderate
CVE-2026-44222
was published
for
vllm
(pip)
May 5, 2026
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
Moderate
CVE-2026-53923
was published
for
vllm
(pip)
Jun 17, 2026
vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Moderate
CVE-2026-34756
was published
for
vllm
(pip)
Apr 3, 2026
vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
Moderate
CVE-2026-34755
was published
for
vllm
(pip)
Apr 3, 2026
vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
Moderate
CVE-2026-34753
was published
for
vllm
(pip)
Apr 3, 2026
ProTip!
Advisories are also available from the
GraphQL API