GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,295 advisories
Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver
High · GHSA-6q22-g298-grjh was published for directus (npm) on Apr 4, 2026
Directus: GraphQL Alias Amplification Denial of Service Due to Missing Query Cost/Complexity Limits
Moderate · CVE-2026-35441 was published for directus (npm) on Apr 4, 2026
Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service
High · CVE-2026-34824 was published for mesop (pip) on Apr 3, 2026
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of...
High · Unreviewed · CVE-2026-26477 was published on Apr 3, 2026
OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)
Moderate · GHSA-2w79-r9g8-wmcr was published for openclaw (npm) on Apr 3, 2026
OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion
Moderate · GHSA-p464-m8x6-vhv8 was published for openclaw (npm) on Apr 3, 2026
Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability...
High · Unreviewed · CVE-2022-4986 was published on Apr 3, 2026
Hirschmann Industrial IT products contain a heap overflow vulnerability in the HiLCOS web...
High · Unreviewed · CVE-2024-14033 was published on Apr 2, 2026
Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
High · CVE-2026-34829 was published for rack (RubyGems) on Apr 2, 2026
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
Moderate · CVE-2026-34230 was published for rack (RubyGems) on Apr 2, 2026
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
High · CVE-2026-34827 was published for rack (RubyGems) on Apr 2, 2026
Rack's multipart byte range processing allows denial of service via excessive overlapping ranges
Moderate · CVE-2026-34826 was published for rack (RubyGems) on Apr 2, 2026
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function...
Moderate · Unreviewed · CVE-2026-5316 was published on Apr 2, 2026
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
High · CVE-2026-34445 was published for onnx (pip) on Apr 1, 2026
aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage
Moderate · CVE-2026-22815 was published for aiohttp (pip) on Apr 1, 2026
Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash
High · CVE-2026-34593 was published for ash (Erlang) on Apr 1, 2026
OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades
Moderate · GHSA-f44p-c7w9-7xr7 was published for openclaw (npm) on Mar 31, 2026
OpenClaw has incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)
Moderate · GHSA-w6m8-cqvj-pg5v was published for openclaw (npm) on Mar 30, 2026
OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation
Moderate · GHSA-3h52-cx59-c456 was published for openclaw (npm) on Mar 29, 2026
XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion
High · CVE-2026-32287 was published for github.com/antchfx/xpath (Go) on Mar 29, 2026
path-to-regexp vulnerable to Denial of Service via sequential optional groups
High · CVE-2026-4926 was published for path-to-regexp (npm) on Mar 27, 2026
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Moderate · CVE-2026-34043 was published for serialize-javascript (npm) on Mar 27, 2026
TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
Moderate · CVE-2026-33541 was published for miraheze/ts-portal (Composer) on Mar 27, 2026
A resample query can be used to trigger out-of-memory crashes in Grafana.
Moderate · Unreviewed · CVE-2026-27879 was published on Mar 27, 2026
A testdata data-source can be used to trigger out-of-memory crashes in Grafana.
Moderate · Unreviewed · CVE-2026-28375 was published on Mar 27, 2026