GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 43
Go: 3,164
Maven: 5,000+
npm: 5,000+
NuGet: 863
pip: 4,458
Pub: 12
RubyGems: 991
Rust: 1,184
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
1,529 advisories
Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS. Moderate. CVE-2026-2581, published Mar 13, 2026 for undici (npm).
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows... Moderate, unreviewed. CVE-2019-25464, published Mar 11, 2026.
.NET Denial of Service Vulnerability. High. CVE-2026-26130, published Mar 11, 2026 for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18... Moderate, unreviewed. CVE-2025-12576, published Mar 11, 2026.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18... High, unreviewed. CVE-2025-13929, published Mar 11, 2026.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6,... Moderate, unreviewed. CVE-2025-13690, published Mar 11, 2026.
Quill has DoS via unbounded read of HTTP response body during notarization. Moderate. CVE-2026-31960, published Mar 11, 2026 for github.com/anchore/quill (Go).
Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing. Moderate. CVE-2026-31961, published Mar 11, 2026 for github.com/anchore/quill (Go).
flagd Vulnerable to Allocation of Resources Without Limits or Throttling. High. CVE-2026-31866, published Mar 11, 2026 for github.com/open-feature/flagd/flagd (Go).
Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API. High. CVE-2026-30946, published Mar 11, 2026 for parse-server (npm).
pypdf: manipulated stream length values can exhaust RAM. Moderate. CVE-2026-31826, published Mar 11, 2026 for pypdf (pip).
Duplicate Advisory: .NET Denial of Service Vulnerability. High. GHSA-vh8f-65qg-3m8j, published Mar 10, 2026 for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet); withdrawn.
express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network. High. CVE-2026-30827, published Mar 6, 2026 for express-rate-limit (npm).
RAGAS has an Arbitrary File Read vulnerability. High. CVE-2025-45691, published Mar 5, 2026 for ragas (pip).
stellar-xdr's StringM::from_str bypasses max length validation. Moderate. CVE-2026-29795, published Mar 5, 2026 for stellar-xdr (Rust).
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion. High. CVE-2026-29062, published Mar 4, 2026 for tools.jackson.core:jackson-core (Maven).
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive... High, unreviewed. CVE-2026-20103, published Mar 4, 2026.
Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS. Moderate. CVE-2026-26998, published Mar 4, 2026 for github.com/traefik/traefik/v2 (Go).
OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check. Moderate. GHSA-h656-5vcf-cm23, published Mar 3, 2026 for openclaw (npm).
Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack. High. CVE-2026-27601, published Mar 3, 2026 for underscore (npm).
Django vulnerable to Uncontrolled Resource Consumption. High. CVE-2026-25673, published Mar 3, 2026 for Django (pip).
OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants. Moderate. GHSA-5847-rm3g-23mw, published Mar 3, 2026 for openclaw (npm).
OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure. High. CVE-2026-32062, published Mar 2, 2026 for @openclaw/voice-call (npm).
OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels. Moderate. GHSA-rxxp-482v-7mrh, published Mar 2, 2026 for openclaw (npm).
OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint. High. CVE-2026-28342, published Mar 2, 2026 for github.com/OliveTin/OliveTin (Go).
Advisories are also available from the GraphQL API.