Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Loading
OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure High
CVE-2026-35633 was published for openclaw (npm) Mar 26, 2026
YLChen-007 Credited to YLChen-007
undici WebSocket client vulnerable to denial of service via fragment count bypass High
CVE-2026-12151 was published for undici (npm) Jun 19, 2026
lpinca Credited to lpinca, Nadav0077, and UlisesGascon Nadav0077 Nadav0077
UlisesGascon UlisesGascon
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass High
CVE-2026-9675 was published for undici (npm) Jun 18, 2026
mauriceng98 Credited to mauriceng98, Str1ckl4nd, mcollina, and UlisesGascon Str1ckl4nd Str1ckl4nd
mcollina mcollina UlisesGascon UlisesGascon
ws: Memory exhaustion DoS from tiny fragments and data chunks High
CVE-2026-48779 was published for ws (npm) Jun 15, 2026
Nadav0077 Credited to Nadav0077
Allocation of Resources Without Limits or Throttling in Axios High
CVE-2026-44488 was published for axios (npm) Jun 4, 2026
asadeddin Credited to asadeddin
image-size Denial of Service via Infinite Loop during Image Processing High
CVE-2025-71319 was published for image-size (npm) Apr 2, 2025
dellalibera Credited to dellalibera and TheFrankemon TheFrankemon TheFrankemon
Svelte devalue: DoS via sparse array deserialization High
CVE-2026-42570 was published for devalue (npm) May 14, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github, dummdidumm, and kq5y dummdidumm dummdidumm
kq5y kq5y
wrathsec Credited to wrathsec
OpenClaw: Voice-call realtime WebSocket accepted oversized frames High
CVE-2026-42437 was published for openclaw (npm) Apr 17, 2026
G0odUser Credited to G0odUser
React Router vulnerable to Denial of Service via reflected user input in single-fetch High
CVE-2026-34077 was published for react-router (npm) Jun 4, 2026
Oceandust Credited to Oceandust
koDove Credited to koDove
thesmartshadow Credited to thesmartshadow
@vitejs/plugin-rsc has a Denial of Service Vulnerability in React Server Components High
GHSA-w94c-4vhp-22gx was published for @vitejs/plugin-rsc (npm) May 11, 2026
Next.js Vulnerable to Denial of Service with Server Components High
GHSA-8h8q-6873-q5fj was published for next (npm) May 11, 2026
Facebook React has a Denial of Service Vulnerability in React Server Components High
CVE-2026-23870 was published for react-server-dom-parcel (npm) May 11, 2026
@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth High
CVE-2026-7768 was published for @fastify/accepts-serializer (npm) May 8, 2026
yuki-matsuhashi Credited to yuki-matsuhashi and UlisesGascon UlisesGascon UlisesGascon
n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration High
CVE-2026-42236 was published for n8n (npm) Apr 29, 2026
ori-ron Credited to ori-ron
Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack High
CVE-2026-27601 was published for underscore (npm) Mar 3, 2026
ByamB4 Credited to ByamB4 and jgonggrijp jgonggrijp jgonggrijp
Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport) High
CVE-2026-40879 was published for @nestjs/microservices (npm) Apr 14, 2026
hwpark6804-gif Credited to hwpark6804-gif and kamilmysliwiec kamilmysliwiec kamilmysliwiec
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding High
CVE-2025-68272 was published for signalk-server (npm) Jan 2, 2026
NoNoNGU Credited to NoNoNGU
basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list() High
CVE-2026-41324 was published for basic-ftp (npm) Apr 16, 2026
MaanVader Credited to MaanVader
razashariff Credited to razashariff
ProTip! Advisories are also available from the GraphQL API