Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and... High Unreviewed
CVE-2026-28253 was published Mar 12, 2026
Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation High
CVE-2026-25899 was published for github.com/gofiber/fiber/v3 (Go) Feb 24, 2026
tuliperis Credited to tuliperis and gaby gaby gaby
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000... High Unreviewed
CVE-2026-20048 was published Feb 25, 2026
ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder High
CVE-2026-25985 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata) High
CVE-2026-22803 was published for @sveltejs/kit (npm) Jan 15, 2026
hashcoko Credited to hashcoko, ottomated, and elliott-with-the-longest-name-on-github ottomated ottomated
elliott-with-the-longest-name-on-github elliott-with-the-longest-name-on-github
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation High
CVE-2026-21452 was published for org.msgpack:msgpack-core (Maven) Jan 5, 2026
HyperPS Credited to HyperPS
IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial... High Unreviewed
CVE-2025-3632 was published May 12, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could... High Unreviewed
CVE-2025-23331 was published Aug 6, 2025
Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder High
CVE-2025-54801 was published for github.com/gofiber/fiber/v2 (Go) Aug 5, 2025
anuraagbaishya Credited to anuraagbaishya
File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing High
CVE-2025-53893 was published for github.com/filebrowser/filebrowser/v2 (Go) Jul 16, 2025
maen08 Credited to maen08 and hacdias hacdias hacdias
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for... High Unreviewed
CVE-2025-20140 was published May 7, 2025
SurrealDB memory exhaustion via string::replace using regex High
GHSA-3633-g6mg-p6qq was published for surrealdb (Rust) Apr 11, 2025
cure53 Credited to cure53
A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an... High Unreviewed
CVE-2025-20165 was published Jan 22, 2025
vyper vulnerable to storage allocator overflow High
CVE-2023-30837 was published for vyper (pip) May 5, 2023
ToonVanHove Credited to ToonVanHove and trocher trocher trocher
A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual... High Unreviewed
CVE-2024-20260 was published Oct 23, 2024
To keep its cache database efficient, `named` running as a recursive resolver occasionally... High Unreviewed
CVE-2023-6516 was published Feb 13, 2024
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
levpachmanov Credited to levpachmanov
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service High
CVE-2022-34917 was published for org.apache.kafka:kafka (Maven) Sep 21, 2022
jkmartindale Credited to jkmartindale
Undertow vulnerable to denial of service High
CVE-2023-3223 was published for io.undertow:undertow-parent (Maven) Sep 27, 2023
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames High
GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024
bartekn Credited to bartekn
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner... High Unreviewed
CVE-2017-20016 was published Mar 29, 2022
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation... High Unreviewed
CVE-2023-3171 was published Dec 27, 2023
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input High
CVE-2023-37279 was published for github.com/contribsys/faktory (Go) Sep 20, 2023
Malayke Credited to Malayke
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM ... High Unreviewed
CVE-2023-20108 was published Jun 28, 2023
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager,... High Unreviewed
CVE-2022-28773 was published Apr 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database