GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,668 advisories
Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver
High | GHSA-6q22-g298-grjh was published for directus (npm) | Apr 4, 2026

Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service
High | CVE-2026-34824 was published for mesop (pip) | Apr 3, 2026

An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of...
High | Unreviewed | CVE-2026-26477 was published | Apr 3, 2026

Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability...
High | Unreviewed | CVE-2022-4986 was published | Apr 3, 2026

Hirschmann Industrial IT products contain a heap overflow vulnerability in the HiLCOS web...
High | Unreviewed | CVE-2024-14033 was published | Apr 2, 2026

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
High | CVE-2026-34829 was published for rack (RubyGems) | Apr 2, 2026

Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
High | CVE-2026-34827 was published for rack (RubyGems) | Apr 2, 2026

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
High | CVE-2026-34445 was published for onnx (pip) | Apr 1, 2026

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash
High | CVE-2026-34593 was published for ash (Erlang) | Apr 1, 2026

XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion
High | CVE-2026-32287 was published for github.com/antchfx/xpath (Go) | Mar 29, 2026

path-to-regexp vulnerable to Denial of Service via sequential optional groups
High | CVE-2026-4926 was published for path-to-regexp (npm) | Mar 27, 2026

Attacker can send a specifically crafted message before authentication that causes managesieve to...
High | Unreviewed | CVE-2026-27858 was published | Mar 27, 2026

OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure
High | GHSA-4qwc-c7g9-4xcw was published for openclaw (npm) | Mar 26, 2026

Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion
High | GHSA-p2gh-cfq4-4wjc was published for google/protobuf (Composer) | Mar 25, 2026

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an...
High | Unreviewed | CVE-2026-20084 was published | Mar 25, 2026

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
High | CVE-2026-33287 was published for liquidjs (npm) | Mar 25, 2026

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash
High | CVE-2026-33285 was published for liquidjs (npm) | Mar 25, 2026

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. A...
High | Unreviewed | CVE-2026-28874 was published | Mar 25, 2026

Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service
High | GHSA-c875-h985-hvrc was published for scriban (NuGet) | Mar 24, 2026

Parse Server: Denial of Service via unindexed database query for unconfigured auth providers
High | CVE-2026-33538 was published for parse-server (npm) | Mar 24, 2026

Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149.
High | Unreviewed | CVE-2026-4727 was published | Mar 24, 2026

Denial-of-service in the XML component. This vulnerability affects Firefox < 149.
High | Unreviewed | CVE-2026-4726 was published | Mar 24, 2026

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via...
High | Unreviewed | CVE-2026-30653 was published | Mar 24, 2026

Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149...
High | Unreviewed | CVE-2026-4704 was published | Mar 24, 2026

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a...
High | Unreviewed | CVE-2026-25667 was published | Mar 19, 2026

ProTip! Advisories are also available from the GraphQL API.