GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 73
  GitHub Actions: 53
  Go: 3,990
  Maven: 5,000+
  npm: 5,000+
  NuGet: 974
  pip: 5,000+
  Pub: 13
  RubyGems: 1,069
  Rust: 1,390
  Swift: 56
Unreviewed advisories
  All unreviewed: 5,000+
3,588 advisories
There is no restriction on the amount of attachment headers that a message can contain when being...
  Unknown | Unreviewed | CVE-2026-50645 was published Jun 12, 2026
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7,...
  High | Unreviewed | CVE-2026-45169 was published Jun 12, 2026
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
  High | CVE-2026-48050 was published for github.com/basekick-labs/arc (Go) Jun 11, 2026
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
  Moderate | CVE-2026-48045 was published for zeroconf (pip) Jun 11, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
  Moderate | CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash
  High | CVE-2026-48069 was published for @grpc/grpc-js (npm) Jun 11, 2026
joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
  Moderate | CVE-2026-48038 was published for joi (npm) Jun 11, 2026
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
  High | Unreviewed | CVE-2026-5497 was published Jun 11, 2026
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication...
  High | Unreviewed | CVE-2026-10143 was published Jun 11, 2026
Acknowledgement extension out of memory
  High | CVE-2025-53114 was published for org.cometd.java:cometd-java-server-common (Maven) Jun 10, 2026
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition...
  Moderate | Unreviewed | CVE-2026-41721 was published Jun 10, 2026
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0...
  High | Unreviewed | CVE-2026-40988 was published Jun 10, 2026
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack...
  Moderate | Unreviewed | CVE-2026-41711 was published Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
  Moderate | Unreviewed | CVE-2026-47905 was published Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
  High | Unreviewed | CVE-2026-34713 was published Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
  Moderate | Unreviewed | CVE-2026-47902 was published Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
  Moderate | Unreviewed | CVE-2026-47904 was published Jun 10, 2026
An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows...
  Moderate | Unreviewed | CVE-2026-36724 was published Jun 9, 2026
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW...
  High | Unreviewed | CVE-2026-30141 was published Jun 9, 2026
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the...
  High | Unreviewed | CVE-2025-55658 was published Jun 9, 2026
A segmentation violation in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c)...
  High | Unreviewed | CVE-2025-52293 was published Jun 9, 2026
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over...
  High | Unreviewed | CVE-2026-49160 was published Jun 9, 2026
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not...
  Moderate | Unreviewed | CVE-2026-11790 was published Jun 9, 2026
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing...
  Moderate | Unreviewed | CVE-2026-41840 was published Jun 9, 2026
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when...
  High | Unreviewed | CVE-2026-41842 was published Jun 9, 2026
ProTip! Advisories are also available from the GraphQL API.