GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
712 advisories
.NET Denial of Service Vulnerability
High • CVE-2026-26130 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) • Mar 11, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18...
High • Unreviewed • CVE-2025-13929 was published • Mar 11, 2026

flagd Vulnerable to Allocation of Resources Without Limits or Throttling
High • CVE-2026-31866 was published for github.com/open-feature/flagd/flagd (Go) • Mar 11, 2026

Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API
High • CVE-2026-30946 was published for parse-server (npm) • Mar 11, 2026

Duplicate Advisory: .NET Denial of Service Vulnerability
High • GHSA-vh8f-65qg-3m8j was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) • Mar 10, 2026 • withdrawn

express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network
High • CVE-2026-30827 was published for express-rate-limit (npm) • Mar 6, 2026

RAGAS has an Arbitrary File Read vulnerability
High • CVE-2025-45691 was published for ragas (pip) • Mar 5, 2026

jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
High • CVE-2026-29062 was published for tools.jackson.core:jackson-core (Maven) • Mar 4, 2026

A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive...
High • Unreviewed • CVE-2026-20103 was published • Mar 4, 2026

Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
High • CVE-2026-27601 was published for underscore (npm) • Mar 3, 2026

Django vulnerable to Uncontrolled Resource Consumption
High • CVE-2026-25673 was published for Django (pip) • Mar 3, 2026

OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
High • CVE-2026-32062 was published for @openclaw/voice-call (npm) • Mar 2, 2026

OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
High • CVE-2026-28342 was published for github.com/OliveTin/OliveTin (Go) • Mar 2, 2026

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)
High • CVE-2026-27932 was published for joserfc (pip) • Mar 2, 2026

jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
High • GHSA-72hv-8253-57qq was published for com.fasterxml.jackson.core:jackson-core (Maven) • Feb 28, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18...
High • Unreviewed • CVE-2026-1662 was published • Feb 25, 2026

Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation
High • CVE-2026-25899 was published for github.com/gofiber/fiber/v3 (Go) • Feb 24, 2026

ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder
High • CVE-2026-25985 was published for Magick.NET-Q16-AnyCPU (NuGet) • Feb 24, 2026

jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
High • CVE-2026-25535 was published for jspdf (npm) • Feb 19, 2026

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm...
High • Unreviewed • CVE-2019-25342 was published • Feb 13, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18...
High • Unreviewed • CVE-2025-8099 was published • Feb 11, 2026

Improper system call parameter validation in the Trusted OS may allow a malicious driver to...
High • Unreviewed • CVE-2021-26381 was published • Feb 10, 2026

Connections received from the proxy port may not count towards total accepted connections,...
High • Unreviewed • CVE-2026-1848 was published • Feb 10, 2026

Inserting certain large documents into a replica set could lead to replica set secondaries not...
High • Unreviewed • CVE-2026-1847 was published • Feb 10, 2026

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of...
High • Unreviewed • CVE-2026-1850 was published • Feb 10, 2026

ProTip! Advisories are also available from the GraphQL API