Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,760
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3,328 advisories

Loading
python-multipart affected by Denial of Service via large multipart preamble or epilogue data Moderate
CVE-2026-40347 was published for python-multipart (pip) Apr 15, 2026
HamdaanAliQuatil Credited to HamdaanAliQuatil and defnull defnull defnull
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource... Low Unreviewed
CVE-2026-27307 was published Apr 15, 2026
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource... Low Unreviewed
CVE-2026-27308 was published Apr 15, 2026
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem High
GHSA-2x79-gwq3-vxxm was published for iodine (RubyGems) Apr 14, 2026
michaelknap Credited to michaelknap
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability High
CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability High
CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01
CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive... Moderate Unreviewed
CVE-2026-2405 was published Apr 14, 2026
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of... High Unreviewed
CVE-2026-30998 was published Apr 13, 2026
@vitejs/plugin-rsc has a Denial of Service with React Server Components High
GHSA-v457-wxvj-p9w9 was published for @vitejs/plugin-rsc (npm) Apr 10, 2026
React Server Components have a Denial of Service Vulnerability High
CVE-2026-23869 was published for react-server-dom-parcel (npm) Apr 10, 2026
Apache ActiveMQ: Denial of Service via Out of Memory vulnerability High
CVE-2026-39304 was published for org.apache.activemq:activemq-all (Maven) Apr 10, 2026
Zod jsVideoUrlParser vulnerable to ReDoS in util.js Moderate
CVE-2026-5986 was published for js-video-url-parser (npm) Apr 10, 2026
OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths Low
GHSA-25wv-8phj-8p7r was published for openclaw (npm) Apr 9, 2026
Telecaster2147 Credited to Telecaster2147
Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service High
CVE-2026-39959 was published for Tmds.DBus (NuGet) Apr 8, 2026
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive... Moderate Unreviewed
CVE-2026-33459 was published Apr 8, 2026
Axios HTTP/2 Session Cleanup State Corruption Vulnerability Moderate
CVE-2026-39865 was published for axios (npm) Apr 8, 2026
vmulas Credited to vmulas and sealonohana sealonohana sealonohana
kubernetes-graphql-gateway: GraphQL Endpoint Vulnerable to Authenticated Denial-of-Service via Unrestricted Query Execution Moderate
GHSA-h9mw-h4qc-f5jf was published for github.com/platform-mesh/kubernetes-graphql-gateway (Go) Apr 8, 2026
LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter Low
CVE-2026-34166 was published for liquidjs (npm) Apr 8, 2026
offset Credited to offset
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain High
CVE-2026-39376 was published for fastfeedparser (pip) Apr 8, 2026
redyank Credited to redyank
skilleton has improper input handling in repository/path processing Moderate
GHSA-5g3j-89fr-r2vp was published for skilleton (npm) Apr 8, 2026
netavark has incorrect error handling for malformed tcp packets Moderate
CVE-2026-35406 was published for netavark (Rust) Apr 7, 2026
dkane01 Credited to dkane01
OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) High
CVE-2026-29181 was published for go.opentelemetry.io/otel/baggage (Go) Apr 7, 2026
1seal Credited to 1seal and XSAM XSAM XSAM
Apache Cassandra has an authenticated DoS over CQL Low
CVE-2026-32588 was published for org.apache.cassandra:cassandra-all (Maven) Apr 7, 2026
Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution High
CVE-2026-34148 was published for @fedify/fedify (npm) Apr 7, 2026
wrathsec Credited to wrathsec
PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket High
GHSA-h6rj-3m53-887h was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
ArkadiaEU Credited to ArkadiaEU and dktapps dktapps dktapps
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database