Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,406
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3,295 advisories

Loading
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin... High Unreviewed
CVE-2025-67445 was published Feb 24, 2026
ImageMagick: Infinite loop vulnerability when parsing a PCD file High
CVE-2026-24485 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS Moderate
CVE-2026-24484 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the... Critical Unreviewed
CVE-2025-70327 was published Feb 23, 2026
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits Moderate
CVE-2026-26047 was published for moodle/moodle (Composer) Feb 21, 2026
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs Moderate
CVE-2026-27576 was published for openclaw (npm) Feb 20, 2026
aether-ai-agent Credited to aether-ai-agent
OpenClaw has a Web Fetch DoS via unbounded response parsing Moderate
CVE-2026-28394 was published for openclaw (npm) Feb 19, 2026
xuemian168 Credited to xuemian168 and ShangzhiXu ShangzhiXu ShangzhiXu
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service... High Unreviewed
CVE-2019-25401 was published Feb 19, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud... Moderate Unreviewed
CVE-2026-20139 was published Feb 18, 2026
OpenClaw affected by denial of service via unbounded webhook request body buffering High
CVE-2026-28478 was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) Moderate
CVE-2026-28452 was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks Moderate
CVE-2026-29612 was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
OpenClaw affected by denial of service via unbounded URL-backed media fetch High
CVE-2026-29609 was published for openclaw (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
A vulnerability in the management API of the affected product could allow an unauthenticated... Moderate Unreviewed
CVE-2026-23596 was published Feb 17, 2026
An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a... Moderate Unreviewed
CVE-2025-66676 was published Feb 13, 2026
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a... High Unreviewed
CVE-2025-70886 was published Feb 12, 2026
Traefik: TCP readTimeout bypass via STARTTLS on Postgres High
CVE-2026-25949 was published for github.com/traefik/traefik/v3 (Go) Feb 12, 2026
manizada Credited to manizada
webtransport-go: CloseWithError can block indefinitely Moderate
CVE-2026-21435 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3,... High Unreviewed
CVE-2026-20652 was published Feb 12, 2026
This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and... Moderate Unreviewed
CVE-2026-20676 was published Feb 12, 2026
A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS... High Unreviewed
CVE-2026-20650 was published Feb 12, 2026
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15... Moderate Unreviewed
CVE-2026-20602 was published Feb 12, 2026
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4,... Moderate Unreviewed
CVE-2025-46304 was published Feb 12, 2026
ajv has ReDoS when using `$data` option Moderate
CVE-2025-69873 was published for ajv (npm) Feb 11, 2026
epoberezkin Credited to epoberezkin, G-Rath, and wayne530 G-Rath G-Rath
wayne530 wayne530
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database