GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
44 advisories
Duplicate Advisory: Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence
Low • GHSA-fg6r-xgp8-x64r was published for openbabel (pip) • Mar 2, 2026 • withdrawn

vllm has Improper Resource Shutdown or Release
Moderate • CVE-2026-9540 was published for vllm (pip) • May 26, 2026

Undertow MadeYouReset HTTP/2 DDoS Vulnerability
High • CVE-2025-9784 was published for io.undertow:undertow-core (Maven) • Sep 2, 2025

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect
Low • CVE-2026-54280 was published for aiohttp (pip) • Jun 15, 2026

BoxLite has a Timeout Bypass Vulnerability
Moderate • CVE-2026-47213 was published for boxlite (pip) • May 29, 2026

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)
High • CVE-2026-45090 was published for github.com/hahwul/dalfox (Go) • May 12, 2026

PyTorch susceptible to local Denial of Service
Low • CVE-2025-2953 was published for torch (pip) • Mar 30, 2025

AMF Vulnerable to Improper Resource Shutdown or Release
Low • CVE-2026-8783 was published for github.com/omec-project/amf (Go) • May 18, 2026

AMF Vulnerable to Improper Resource Shutdown or Release
Low • CVE-2026-8782 was published for github.com/omec-project/amf (Go) • May 18, 2026

AMF Vulnerable to Improper Resource Shutdown or Release
Low • CVE-2026-8781 was published for github.com/omec-project/amf (Go) • May 18, 2026

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
Low • CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Oct 27, 2025

Apache Tomcat Improper Resource Shutdown or Release vulnerability
High • CVE-2025-48989 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Aug 13, 2025

GoBGP has an Improper Resource Shutdown or Release
Moderate • CVE-2026-7734 was published for github.com/osrg/gobgp/v4 (Go) • May 4, 2026

OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`
Moderate • CVE-2026-35667 was published for openclaw (npm) • Mar 30, 2026

Nuxt OG Image is vulnerable to Denial of Service via unbounded image dimensions
Moderate • CVE-2026-34404 was published for nuxt-og-image (npm) • Mar 31, 2026

Free5GC AMF is vulnerable to DoS through its HandleRegistrationComplete function
Moderate • CVE-2026-4531 was published for github.com/free5gc/amf (Go) • Mar 22, 2026

Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint
High • CVE-2026-29771 was published for github.com/gravitl/netmaker (Go) • Mar 4, 2026

PSI Probe: Broken access control can lead to DoS
Low • CVE-2026-3269 was published for com.github.psi-probe:psi-probe-core (Maven) • Feb 27, 2026

OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check
Moderate • GHSA-h656-5vcf-cm23 was published for openclaw (npm) • Mar 3, 2026

LIEF is vulnerable to segmentation fault
Low • CVE-2025-15504 was published for lief (pip) • Jan 10, 2026

Jenkins has a Denial of service vulnerability in HTTP-based CLI
High • CVE-2025-67635 was published for org.jenkins-ci.main:cli (Maven) • Dec 10, 2025

Mattermost Server is vulnerable to DoS through maliciously crafted posts
Moderate • CVE-2017-18898 was published for github.com/mattermost/mattermost-server (Go) • May 24, 2022

ImageMagick has a Memory Leak in magick stream
Low • CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet) • Aug 25, 2025

PyTorch Improper Resource Shutdown or Release vulnerability
Moderate • CVE-2025-3730 was published for torch (pip) • Apr 16, 2025

**UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request
High • CVE-2024-13009 was published for org.eclipse.jetty:jetty-server (Maven) • May 8, 2025
ProTip! Advisories are also available from the GraphQL API.