Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Packetbeat does not properly validate an array index in multiple protocol parser components Moderate
CVE-2026-26933 was published for github.com/elastic/beats/v7 (Go) Mar 19, 2026
pgproto3: Negative field length panics in DataRow.Decode High
CVE-2026-4427 was published for github.com/jackc/pgproto3/v2 (Go) Mar 19, 2026
Ella Core panics on invalid PDU Session IDs in NGAP messages Moderate
CVE-2026-33281 was published for github.com/ellanetworks/core (Go) Mar 19, 2026
p1-aji Credited to p1-aji
gosaml2 CBC Padding Panic — Unauthenticated Process Crash High
GHSA-hwqm-qvj9-4jr2 was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
xclow3n Credited to xclow3n
Out-of-Bounds Slice Access in free5GC CHF Leading to DoS High
CVE-2026-32937 was published for github.com/free5gc/chf (Go) Mar 18, 2026
LinZiyuu Credited to LinZiyuu
Denial of service in github.com/jackc/pgproto3/v2 High
GHSA-jqcq-xjh3-6g23 was published for github.com/jackc/pgproto3/v2 (Go) Mar 18, 2026
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability High
GHSA-8fh9-c4jq-94h4 was published for idunno.AtProto (NuGet) Mar 13, 2026
cert-manager-controller DoS via Specially Crafted DNS Response Moderate
CVE-2026-25518 was published for github.com/cert-manager/cert-manager (Go) Feb 2, 2026
1seal Credited to 1seal and SgtCoDFish SgtCoDFish SgtCoDFish
Fiber has a Denial of Service Vulnerability via Route Parameter Overflow Moderate
CVE-2026-25882 was published for github.com/gofiber/fiber/v2 (Go) Feb 24, 2026
sixcolors Credited to sixcolors, TheAspectDev, gaby, and ReneWerner87 TheAspectDev TheAspectDev
gaby gaby ReneWerner87 ReneWerner87
Metricbeat affected by multiple denial of service vulnerabilities Moderate
CVE-2026-0528 was published for github.com/elastic/beats/v7 (Go) Jan 13, 2026
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs High
CVE-2025-62372 was published for vllm (pip) Nov 20, 2025
DarkLight1337 Credited to DarkLight1337, ywang96, Isotr0py, and russellb ywang96 ywang96
Isotr0py Isotr0py russellb russellb
Fiber panics when fiber.Ctx.BodyParser parses invalid range index High
CVE-2025-48075 was published for github.com/gofiber/fiber/v2 (Go) May 22, 2025
Batleram Credited to Batleram, sixcolors, efectn, ReneWerner87, and gaby sixcolors sixcolors
efectn efectn ReneWerner87 ReneWerner87 gaby gaby
Ollama Server Vulnerable to Denial of Service (DoS) Attack High
CVE-2025-1975 was published for github.com/ollama/ollama (Go) May 16, 2025
onos-lib-go allows an index out-of-range panic Moderate
CVE-2025-30077 was published for github.com/onosproject/onos-lib-go (Go) Mar 16, 2025
Vyper negative array index bounds checks Critical
CVE-2024-24563 was published for vyper (pip) Feb 7, 2024
cyberthirst Credited to cyberthirst and iFrostizz iFrostizz iFrostizz
ADMesh improper array index validation High
CVE-2022-38072 was published for admesh (pip) Apr 3, 2023
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data High
GHSA-p7mv-53f2-4cwj was published for github.com/cometbft/cometbft (Go) Nov 6, 2024
corverroos Credited to corverroos
audify vulnerable to Improper Validation of Array Index High
CVE-2024-21522 was published for audify (npm) Jul 10, 2024
golang.org/x/net/html Improper Validation of Array Index vulnerability High
CVE-2018-17848 was published for golang.org/x/net (Go) May 13, 2022
Go Ethereum LES protocol implementation vulnerable to Denial of Service High
CVE-2018-12018 was published for github.com/ethereum/go-ethereum (Go) May 14, 2022
dhowden tag panic due to out-of-bounds read Moderate
CVE-2020-29244 was published for github.com/dhowden/tag (Go) May 24, 2022
dhowden tag panic due to out-of-bounds read Moderate
CVE-2020-29243 was published for github.com/dhowden/tag (Go) May 24, 2022
Denial of Service in dhowden/tag Moderate
CVE-2020-29242 was published for github.com/dhowden/tag (Go) Feb 7, 2023
Array size is not checked in sized-chunks High
CVE-2020-25792 was published for sized-chunks (Rust) Aug 25, 2021
tdunlap607 Credited to tdunlap607
`libsqlite3-sys` via C SQLite improperly validates array index High
CVE-2022-35737 was published for libsqlite3-sys (Rust) Aug 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database