Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,585
Maven
5,000+
npm
5,000+
NuGet
923
pip
4,817
Pub
13
RubyGems
1,043
Rust
1,251
Swift
53
Unreviewed advisories
All unreviewed
5,000+

7 advisories

Loading
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads Moderate
CVE-2026-41173 was published for OpenTelemetry.Resources.AWS (NuGet) Apr 23, 2026
Kielek Credited to Kielek, normj, martincostello, and arminru normj normj
martincostello martincostello arminru arminru
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers Moderate
CVE-2026-40894 was published for OpenTelemetry.Api (NuGet) Apr 23, 2026
martincostello Credited to martincostello, Kielek, and arminru Kielek Kielek
arminru arminru
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling Moderate
CVE-2026-40891 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 23, 2026
Kielek Credited to Kielek, martincostello, and arminru martincostello martincostello
arminru arminru
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies Moderate
CVE-2026-40182 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) Apr 23, 2026
martincostello Credited to martincostello, 1seal, Kielek, and arminru 1seal 1seal
Kielek Kielek arminru arminru
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path Moderate
CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) Apr 18, 2026
Kielek Credited to Kielek and arminru arminru arminru
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Credited to DouglasHeriot, Aneurysm9, and arminru Aneurysm9 Aneurysm9
arminru arminru
open-telemetry has an Observable Timing Discrepancy Moderate
CVE-2024-42368 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension (Go) Aug 13, 2024
axw Credited to axw, arminru, frzifus, mx-psi, and evan-bradley arminru arminru
frzifus frzifus mx-psi mx-psi evan-bradley evan-bradley
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database