GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
Regular Expression Denial of Service (ReDOS)
Moderate
CVE-2021-29060
was published
for
color-string
(npm)
Jun 22, 2021
angular vulnerable to regular expression denial of service (ReDoS)
Moderate
CVE-2022-25844
was published
for
angular
(npm)
May 3, 2022
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Moderate
CVE-2022-35915
was published
for
@openzeppelin/contracts
(npm)
Aug 14, 2022
NocoDB vulnerable to Denial of Service
Moderate
CVE-2022-3423
was published
for
nocodb
(npm)
Oct 7, 2022
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
Allocation of Resources Without Limits or Throttling in vriteio/vrite
Moderate
CVE-2023-5573
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Next.js Allows a Denial of Service (DoS) with Server Actions
Moderate
CVE-2024-56332
was published
for
next
(npm)
Jan 3, 2025
Directus's S3 assets become unavailable after a burst of malformed transformations
Moderate
CVE-2025-30225
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
Directus's S3 assets become unavailable after a burst of HEAD requests
Moderate
CVE-2025-30350
was published
for
@directus/storage-driver-s3
(npm)
Mar 26, 2025
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
Moderate
GHSA-733v-p3h5-qpq7
was published
for
@escape.tech/graphql-armor-cost-limit
(npm)
Apr 25, 2025
Hono has Body Limit Middleware Bypass
Moderate
CVE-2025-59139
was published
for
hono
(npm)
Sep 12, 2025
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
Moderate
CVE-2026-22036
was published
for
undici
(npm)
Jan 14, 2026
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
Moderate
CVE-2025-59471
was published
for
next
(npm)
Jan 27, 2026
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
Moderate
CVE-2025-59472
was published
for
next
(npm)
Jan 28, 2026
OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
Moderate
CVE-2026-29612
was published
for
clawdbot
(npm)
Feb 18, 2026
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
Moderate
CVE-2026-28452
was published
for
clawdbot
(npm)
Feb 18, 2026
Memory exhaustion in SvelteKit remote form deserialization (experimental only)
Moderate
GHSA-vrhm-gvg7-fpcf
was published
for
@sveltejs/kit
(npm)
Feb 19, 2026
Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
Moderate
CVE-2026-27729
was published
for
@astrojs/node
(npm)
Feb 25, 2026
OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants
Moderate
GHSA-5847-rm3g-23mw
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check
Moderate
GHSA-h656-5vcf-cm23
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Moderate
CVE-2026-32011
was published
for
openclaw
(npm)
Mar 3, 2026
Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
Moderate
CVE-2026-2581
was published
for
undici
(npm)
Mar 13, 2026
Next.js: Unbounded postponed resume buffering can lead to DoS
Moderate
CVE-2026-27979
was published
for
next
(npm)
Mar 17, 2026
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Moderate
CVE-2026-29772
was published
for
@astrojs/node
(npm)
Mar 24, 2026
OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades
Moderate
CVE-2026-41399
was published
for
openclaw
(npm)
Mar 31, 2026
ProTip!
Advisories are also available from the
GraphQL API