Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to... Moderate Unreviewed
CVE-2026-2456 was published Mar 16, 2026
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory... Moderate Unreviewed
CVE-2026-25780 was published Mar 16, 2026
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory... Moderate Unreviewed
CVE-2026-26246 was published Mar 16, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps Moderate
CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion Moderate
CVE-2026-27204 was published for wasmtime (Rust) Feb 24, 2026
mbund Credited to mbund, alexcrichton, and pchickey alexcrichton alexcrichton
pchickey pchickey
EVE Freely Allocates Buffer on The Stack With Data From Socket Moderate
CVE-2023-43632 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable... Moderate Unreviewed
CVE-2025-2668 was published Jan 31, 2026
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a... Moderate Unreviewed
CVE-2025-66199 was published Jan 27, 2026
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX... Moderate Unreviewed
CVE-2025-2534 was published Nov 7, 2025
rardecode: DoS risk due to unrestricted RAR dictionary sizes Moderate
CVE-2025-11579 was published for github.com/nwaples/rardecode (Go) Oct 10, 2025
kzantow Credited to kzantow
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server... Moderate Unreviewed
CVE-2025-2533 was published Jul 29, 2025
Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks,... Moderate Unreviewed
CVE-2025-46686 was published Jul 23, 2025
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled... Moderate Unreviewed
CVE-2025-4605 was published Jun 11, 2025
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-2518 was published May 29, 2025
Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Moderate
CVE-2025-27533 was published for org.apache.activemq:activemq-client (Maven) May 7, 2025
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Masamuneee Credited to Masamuneee and nevans nevans nevans
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination Moderate
CVE-2025-32386 was published for helm.sh/helm/v3 (Go) Apr 10, 2025
jake-ciolek Credited to jake-ciolek
An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48... Moderate Unreviewed
CVE-2025-29491 was published Mar 27, 2025
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio Credited to manunio and nevans nevans nevans
matrix-media-repo (MMR) allows a denial of service through memory exhaustion Moderate
CVE-2024-52791 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is... Moderate Unreviewed
CVE-2024-41762 was published Dec 7, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could... Moderate Unreviewed
CVE-2024-37071 was published Dec 7, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is... Moderate Unreviewed
CVE-2024-41761 was published Nov 23, 2024
A vulnerability in the TL1 function of Cisco&nbsp;Network Convergence System (NCS) 4000 Series... Moderate Unreviewed
CVE-2022-20845 was published Nov 15, 2024
IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to... Moderate Unreviewed
CVE-2024-40680 was published Sep 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database