GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
323 advisories
ImageMagick has a Stack Overflow via Recursive FX Expression Parsing
Moderate | CVE-2026-33902 was published for Magick.NET-Q16-AnyCPU (NuGet) | Apr 14, 2026
ImageMagick has a Stack Overflow in DestroyXMLTree()
High | CVE-2026-33908 was published for Magick.NET-Q16-AnyCPU (NuGet) | Apr 14, 2026
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
High | CVE-2026-39376 was published for fastfeedparser (pip) | Apr 8, 2026
@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
High | GHSA-5jg4-p4qw-cgfr was published for @stablelib/cbor (npm) | Apr 4, 2026
SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
Moderate | CVE-2026-34211 was published for @nyariv/sandboxjs (npm) | Apr 3, 2026
The application does not detect or guard against cyclic PDF object references while handling...
Moderate | Unreviewed | CVE-2026-3778 was published | Apr 1, 2026
C2C CI utils is vulnerable to DoS via pyasn dependency (CVE-2026-30922)
High | GHSA-wcjx-v2wj-xg87 was published for c2cciutils (pip) | Mar 26, 2026
smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines
Moderate | GHSA-v3rj-xjv7-4jmq was published for smol-toml (npm) | Mar 25, 2026
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
Moderate | CVE-2026-33532 was published for yaml (npm) | Mar 25, 2026
Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException
High | GHSA-xcx6-vp38-8hr5 was published for Scriban (NuGet) | Mar 24, 2026
Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix
High | GHSA-p6q4-fgr8-vx4p was published for Scriban (NuGet) | Mar 24, 2026
cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
High | CVE-2026-26209 was published for cbor2 (pip) | Mar 23, 2026
Parse Server LiveQuery subscription query depth bypass
High | CVE-2026-33508 was published for parse-server (npm) | Mar 20, 2026
Parse Server has a query condition depth bypass via pre-validation transform pipeline
High | CVE-2026-33498 was published for parse-server (npm) | Mar 20, 2026
Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)
High | GHSA-grr9-747v-xvcp was published for scriban (NuGet) | Mar 19, 2026
Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service)
High | GHSA-wgh7-7m3c-fx25 was published for scriban (NuGet) | Mar 19, 2026
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Moderate | CVE-2026-33320 was published for github.com/tomwright/dasel/v3 (Go) | Mar 19, 2026
Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS
Moderate | GHSA-rf74-v2fm-23pw was published for nltk (pip) | Mar 18, 2026
Parse Server crash via deeply nested query condition operators
High | CVE-2026-32944 was published for parse-server (npm) | Mar 17, 2026
Denial of Service in pyasn1 via Unbounded Recursion
High | CVE-2026-30922 was published for pyasn1 (pip) | Mar 17, 2026
Uncontrolled recursion DoS in JustHTML() via deeply nested HTML
High | GHSA-v7cf-c9rm-wm3j was published for justhtml (pip) | Mar 17, 2026
When an Expat parser with a registered ElementDeclHandler parses an inline document type...
Moderate | Unreviewed | CVE-2026-4224 was published | Mar 16, 2026
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
High | CVE-2026-32933 was published for AutoMapper (NuGet) | Mar 13, 2026
flatted vulnerable to unbounded recursion DoS in parse() revive phase
High | CVE-2026-32141 was published for flatted (npm) | Mar 13, 2026
ImageMagick: MSL - Stack overflow in ProcessMSLScript
Moderate | CVE-2026-25971 was published for Magick.NET-Q16-AnyCPU (NuGet) | Mar 12, 2026