GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,678 advisories
Filter by severity
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication)
Moderate
CVE-2026-35365
was published
for
uu_mv
(Rust)
Jul 6, 2026
cp: -R reads device nodes as streams, destroying device semantics
Moderate
CVE-2026-35358
was published
for
uu_cp
(Rust)
Jul 6, 2026
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre...
High
Unreviewed
CVE-2026-40140
was published
Jul 6, 2026
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not...
High
Unreviewed
CVE-2026-9165
was published
Jul 6, 2026
Uncontrolled Resource Consumption vulnerability in Apache IoTDB.
Some interface fails to impose...
High
Unreviewed
CVE-2026-24012
was published
Jul 6, 2026
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram...
Low
Unreviewed
CVE-2026-14684
was published
Jul 5, 2026
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function...
Low
Unreviewed
CVE-2026-14683
was published
Jul 5, 2026
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive...
Unknown
Unreviewed
CVE-2026-26307
was published
Jul 3, 2026
An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of...
High
Unreviewed
CVE-2026-52192
was published
Jul 2, 2026
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch
High
CVE-2026-50196
was published
for
Steeltoe.Discovery.Eureka
(NuGet)
Jul 2, 2026
SimpleSAMLphp has Possible DoS via XPath Transform
High
CVE-2026-49289
was published
for
simplesamlphp/saml2
(Composer)
Jul 2, 2026
In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did...
High
Unreviewed
CVE-2026-9563
was published
Jul 2, 2026
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via...
Moderate
Unreviewed
CVE-2026-49090
was published
Jul 1, 2026
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache...
High
Unreviewed
CVE-2026-54428
was published
Jul 1, 2026
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache...
High
Unreviewed
CVE-2026-54399
was published
Jul 1, 2026
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect...
High
Unreviewed
CVE-2026-2891
was published
Jul 1, 2026
A malicious LDAP server, which a Thunderbird user is configured to query for address-book...
Moderate
Unreviewed
CVE-2026-57962
was published
Jul 1, 2026
An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of...
High
Unreviewed
CVE-2026-52197
was published
Jul 1, 2026
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a...
Moderate
Unreviewed
CVE-2026-9002
was published
Jun 30, 2026
oban_web: Unbounded range expansion in cron describe causes memory exhaustion
Moderate
CVE-2026-48593
was published
for
oban_web
(Erlang)
Jun 30, 2026
RabbitMQ vulnerable to Denial of Service by publishing large messages over the HTTP API
Moderate
CVE-2023-46118
was published
for
rabbit_common
(Erlang)
Jun 30, 2026
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested...
High
Unreviewed
CVE-2026-57081
was published
Jun 30, 2026
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped...
High
Unreviewed
CVE-2026-57080
was published
Jun 30, 2026
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ,...
High
Unreviewed
CVE-2026-50750
was published
Jun 30, 2026
JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(),...
High
Unreviewed
CVE-2026-56018
was published
Jun 29, 2026
ProTip!
Advisories are also available from the
GraphQL API