GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

44 advisories

Duplicate Advisory: Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence Low
GHSA-fg6r-xgp8-x64r was published for openbabel (pip) Mar 2, 2026 withdrawn
vllm has Improper Resource Shutdown or Release Moderate
CVE-2026-9540 was published for vllm (pip) May 26, 2026
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
Credited to fawind
aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect Low
CVE-2026-54280 was published for aiohttp (pip) Jun 15, 2026
Credited to denyspakizh-tob and bdraco
BoxLite has a Timeout Bypass Vulnerability Moderate
CVE-2026-47213 was published for boxlite (pip) May 29, 2026
Credited to XlabAITeam, keenanwgn, and A7um
Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode) High
CVE-2026-45090 was published for github.com/hahwul/dalfox (Go) May 12, 2026
Credited to bugbunny-research
PyTorch susceptible to local Denial of Service Low
CVE-2025-2953 was published for torch (pip) Mar 30, 2025
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8783 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8782 was published for github.com/omec-project/amf (Go) May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release Low
CVE-2026-8781 was published for github.com/omec-project/amf (Go) May 18, 2026
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release Low
CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
Credited to tkwilli94
Apache Tomcat Improper Resource Shutdown or Release vulnerability High
CVE-2025-48989 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Aug 13, 2025
Credited to snieguu
GoBGP has an Improper Resource Shutdown or Release Moderate
CVE-2026-7734 was published for github.com/osrg/gobgp/v4 (Go) May 4, 2026
Credited to YLChen-007
Nuxt OG Image is vulnerable to Denial of Service via unbounded image dimensions Moderate
CVE-2026-34404 was published for nuxt-og-image (npm) Mar 31, 2026
Free5GC AMF is vulnerable to DoS through its HandleRegistrationComplete function Moderate
CVE-2026-4531 was published for github.com/free5gc/amf (Go) Mar 22, 2026
Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint High
CVE-2026-29771 was published for github.com/gravitl/netmaker (Go) Mar 4, 2026
Credited to m4dn355
PSI Probe: Broken access control can lead to DoS Low
CVE-2026-3269 was published for com.github.psi-probe:psi-probe-core (Maven) Feb 27, 2026
OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check Moderate
GHSA-h656-5vcf-cm23 was published for openclaw (npm) Mar 3, 2026
Credited to v8hid
LIEF is vulnerable to segmentation fault Low
CVE-2025-15504 was published for lief (pip) Jan 10, 2026
Jenkins has a Denial of service vulnerability in HTTP-based CLI High
CVE-2025-67635 was published for org.jenkins-ci.main:cli (Maven) Dec 10, 2025
Credited to caverav
Mattermost Server is vulnerable to DoS through maliciously crafted posts Moderate
CVE-2017-18898 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
ImageMagick has a Memory Leak in magick stream Low
CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
Credited to momo-trip, YutoIn, iwashiira, and utshina
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
Credited to ferdlestier and szuliq
**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request High
CVE-2024-13009 was published for org.eclipse.jetty:jetty-server (Maven) May 8, 2025
Credited to maimaisie, samjsong, nchudasmasumo, and lei-sumo