GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Uncontrolled recursion DoS in JustHTML() via deeply nested HTML
High
GHSA-v7cf-c9rm-wm3j
was published
for
justhtml
(pip)
Mar 17, 2026
Denial of service via non-terminating SYLT frame parsing loop in tinytag
Moderate
CVE-2026-32889
was published
for
tinytag
(pip)
Mar 19, 2026
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Moderate
CVE-2026-33320
was published
for
github.com/tomwright/dasel/v3
(Go)
Mar 19, 2026
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
Moderate
CVE-2026-33532
was published
for
yaml
(npm)
Mar 25, 2026
go-git missing validation decoding Index v4 files leads to panic
Low
CVE-2026-33762
was published
for
github.com/go-git/go-git/v5
(Go)
Mar 30, 2026
go-git: Maliciously crafted idx file can cause asymmetric memory consumption
Moderate
CVE-2026-34165
was published
for
github.com/go-git/go-git/v5
(Go)
Mar 30, 2026
Tinyauth has OAuth account confusion via shared mutable state on singleton service instances
High
CVE-2026-33544
was published
for
github.com/steveiliop56/tinyauth
(Go)
Apr 1, 2026
Vite: `server.fs.deny` bypassed with queries
High
CVE-2026-39364
was published
for
vite
(npm)
Apr 6, 2026
Local settings bypass config trust checks
High
CVE-2026-35533
was published
for
mise
(Rust)
Apr 7, 2026
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
High
CVE-2026-33079
was published
for
mistune
(pip)
May 6, 2026
ProTip!
Advisories are also available from the
GraphQL API