Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,620 advisories

Loading
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication) Moderate
CVE-2026-35365 was published for uu_mv (Rust) Jul 6, 2026
cp: -R reads device nodes as streams, destroying device semantics Moderate
CVE-2026-35358 was published for uu_cp (Rust) Jul 6, 2026
oban_web: Unbounded range expansion in cron describe causes memory exhaustion Moderate
CVE-2026-48593 was published for oban_web (Erlang) Jun 30, 2026
PJUllrich Credited to PJUllrich, sorenone, and maennchen sorenone sorenone
maennchen maennchen
RabbitMQ vulnerable to Denial of Service by publishing large messages over the HTTP API Moderate
CVE-2023-46118 was published for rabbit_common (Erlang) Jun 30, 2026
NSEcho Credited to NSEcho
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization Moderate
CVE-2026-48990 was published for joserfc (pip) Jun 26, 2026
0xHunSec Credited to 0xHunSec
jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString() Moderate
CVE-2026-50193 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 23, 2026
deniz-husaj Credited to deniz-husaj and cowtowncoder cowtowncoder cowtowncoder
M0oo0ry Credited to M0oo0ry
Faze-up Credited to Faze-up
containerd image-triggered runtime DoS via unbounded group parsing Moderate
CVE-2026-47262 was published for github.com/containerd/containerd (Go) Jun 19, 2026
jake-ciolek Credited to jake-ciolek and kyle-elliott-tob kyle-elliott-tob kyle-elliott-tob
pypdf: Missing stream length values ignore defined limits Moderate
GHSA-jm82-fx9c-mx94 was published for pypdf (pip) Jun 18, 2026
sondt99 Credited to sondt99 and stefan6419846 stefan6419846 stefan6419846
pypdf: Possible large memory usage for form XObjects during text extraction Moderate
CVE-2026-49461 was published for pypdf (pip) Jun 16, 2026
manop55555 Credited to manop55555 and stefan6419846 stefan6419846 stefan6419846
markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations Moderate
CVE-2026-48988 was published for markdown-it (npm) Jun 15, 2026
tndud042713 Credited to tndud042713
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()` Moderate
CVE-2026-48125 was published for ua-parser-js (npm) Jun 15, 2026
sondt99 Credited to sondt99
ProTip! Advisories are also available from the GraphQL API