GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
3,338 advisories
A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects...
Moderate | Unreviewed | CVE-2026-6607 was published | Apr 20, 2026

A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown...
Moderate | Unreviewed | CVE-2026-6601 was published | Apr 20, 2026

OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Moderate | CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) | Apr 18, 2026

OpenClaw: Voice-call realtime WebSocket accepted oversized frames
High | GHSA-vw3h-q6xq-jjm5 was published for openclaw (npm) | Apr 17, 2026

Bouncy Castle Uncontrolled Resource Consumption vulnerability
High | CVE-2026-3505 was published for org.bouncycastle:bcpg-jdk12 (Maven) | Apr 17, 2026

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows...
High | Unreviewed | CVE-2024-33618 was published | Apr 17, 2026

Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High | GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) | Apr 16, 2026

basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
High | GHSA-rp42-5vxx-qpwr was published for basic-ftp (npm) | Apr 16, 2026

zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
High | CVE-2026-40303 was published for github.com/openziti/zrok (Go) | Apr 16, 2026

python-multipart affected by Denial of Service via large multipart preamble or epilogue data
Moderate | CVE-2026-40347 was published for python-multipart (pip) | Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low | Unreviewed | CVE-2026-27307 was published | Apr 15, 2026

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource...
Low | Unreviewed | CVE-2026-27308 was published | Apr 15, 2026

Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
High | GHSA-2x79-gwq3-vxxm was published for iodine (RubyGems) | Apr 14, 2026

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability
High | CVE-2026-26171 was published for System.Security.Cryptography.Xml (NuGet) | Apr 14, 2026

Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
High | CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) | Apr 14, 2026

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive...
Moderate | Unreviewed | CVE-2026-2405 was published | Apr 14, 2026

FITS GZIP decompression bomb in Pillow
High | CVE-2026-40192 was published for pillow (pip) | Apr 13, 2026

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of...
High | Unreviewed | CVE-2026-30998 was published | Apr 13, 2026

@vitejs/plugin-rsc has a Denial of Service with React Server Components
High | GHSA-v457-wxvj-p9w9 was published for @vitejs/plugin-rsc (npm) | Apr 10, 2026

React Server Components have a Denial of Service Vulnerability
High | CVE-2026-23869 was published for react-server-dom-parcel (npm) | Apr 10, 2026

Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
High | CVE-2026-39304 was published for org.apache.activemq:activemq-all (Maven) | Apr 10, 2026

Zod jsVideoUrlParser vulnerable to ReDoS in util.js
Moderate | CVE-2026-5986 was published for js-video-url-parser (npm) | Apr 10, 2026

OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths
Low | GHSA-25wv-8phj-8p7r was published for openclaw (npm) | Apr 9, 2026

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service
High | CVE-2026-39959 was published for Tmds.DBus (NuGet) | Apr 8, 2026

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive...
Moderate | Unreviewed | CVE-2026-33459 was published | Apr 8, 2026