GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,346 advisories
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Low | Unreviewed | CVE-2026-6416 was published | Apr 22, 2026

A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this...
Moderate | Unreviewed | CVE-2026-6797 was published | Apr 21, 2026

Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
Moderate | CVE-2026-40924 was published for github.com/tektoncd/pipeline (Go) | Apr 21, 2026

OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Low | CVE-2026-39396 was published for github.com/openbao/openbao (Go) | Apr 21, 2026

Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
High | CVE-2026-39320 was published for signalk-server (npm) | Apr 21, 2026

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox...
High | Unreviewed | CVE-2026-6781 was published | Apr 21, 2026

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox...
High | Unreviewed | CVE-2026-6780 was published | Apr 21, 2026

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource...
Moderate | Unreviewed | CVE-2026-6060 was published | Apr 20, 2026

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects...
Moderate | Unreviewed | CVE-2026-6607 was published | Apr 20, 2026

A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown...
Moderate | Unreviewed | CVE-2026-6601 was published | Apr 20, 2026

OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Moderate | CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) | Apr 18, 2026

OpenClaw: Voice-call realtime WebSocket accepted oversized frames
High | GHSA-vw3h-q6xq-jjm5 was published for openclaw (npm) | Apr 17, 2026

Bouncy Castle Uncontrolled Resource Consumption vulnerability
High | CVE-2026-3505 was published for org.bouncycastle:bcpg-jdk12 (Maven) | Apr 17, 2026

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows...
High | Unreviewed | CVE-2024-33618 was published | Apr 17, 2026

Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High | GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) | Apr 16, 2026

basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
High | GHSA-rp42-5vxx-qpwr was published for basic-ftp (npm) | Apr 16, 2026

zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
High | CVE-2026-40303 was published for github.com/openziti/zrok (Go) | Apr 16, 2026

python-multipart affected by Denial of Service via large multipart preamble or epilogue data
Moderate | CVE-2026-40347 was published for python-multipart (pip) | Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low | Unreviewed | CVE-2026-27307 was published | Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low | Unreviewed | CVE-2026-27308 was published | Apr 15, 2026

Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
High | GHSA-2x79-gwq3-vxxm was published for iodine (RubyGems) | Apr 14, 2026

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability
High | CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) | Apr 14, 2026

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
High | CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) | Apr 14, 2026

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive...
Moderate | Unreviewed | CVE-2026-2405 was published | Apr 14, 2026

FITS GZIP decompression bomb in Pillow
High | CVE-2026-40192 was published for pillow (pip) | Apr 13, 2026