GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
118 advisories
A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This...
Low | Unreviewed | CVE-2026-11478 was published Jun 8, 2026

Vantage6: No limit on emails sent for password/MFA reset
Low | CVE-2024-24769 was published for vantage6 (pip) Jun 5, 2026

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects...
Low | Unreviewed | CVE-2026-10802 was published Jun 4, 2026

A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of...
Low | Unreviewed | CVE-2026-10705 was published Jun 3, 2026

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This...
Low | Unreviewed | CVE-2026-10691 was published Jun 3, 2026

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the...
Low | Unreviewed | CVE-2026-10692 was published Jun 3, 2026

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info...
Low | Unreviewed | CVE-2026-10156 was published May 31, 2026

Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
Low | CVE-2026-45756 was published for symfony/json-path (Composer) May 28, 2026

@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue
Low | CVE-2026-8769 was published for @ai-sdk/provider-utils (npm) May 18, 2026

justhtml introduces denial-of-service hardening
Low | GHSA-r8cj-3554-33mr was published for justhtml (pip) May 8, 2026

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function...
Low | Unreviewed | CVE-2026-8124 was published May 8, 2026

Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header
Low | CVE-2026-44242 was published for io.micronaut:micronaut-inject (Maven) May 6, 2026

Spring Framework DoS with Multipart Temp Files in WebFlux
Low | CVE-2026-22740 was published for org.springframework:spring-webflux (Maven) Apr 29, 2026

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of...
Low | Unreviewed | CVE-2026-31051 was published Apr 24, 2026

Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Low | Unreviewed | CVE-2026-6416 was published Apr 22, 2026

OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Low | CVE-2026-39396 was published for github.com/openbao/openbao (Go) Apr 21, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low | Unreviewed | CVE-2026-27307 was published Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low | Unreviewed | CVE-2026-27308 was published Apr 15, 2026

OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths
Low | CVE-2026-41913 was published for openclaw (npm) Apr 9, 2026

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter
Low | CVE-2026-34166 was published for liquidjs (npm) Apr 8, 2026

Apache Cassandra has an authenticated DoS over CQL
Low | CVE-2026-32588 was published for org.apache.cassandra:cassandra-all (Maven) Apr 7, 2026

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
Low | CVE-2026-4539 was published for Pygments (pip) Mar 22, 2026

HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper...
Low | Unreviewed | CVE-2025-52636 was published Mar 16, 2026

hex_core has Unsafe Deserialization of Erlang Terms
Low | CVE-2026-21619 was published for hex_core (Erlang) Mar 1, 2026

Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner
Low | CVE-2026-3293 was published for net.snowflake:snowflake-jdbc (Maven) Feb 27, 2026