GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,620 advisories
Filter by severity
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication)
Moderate
CVE-2026-35365
was published
for
uu_mv
(Rust)
Jul 6, 2026
cp: -R reads device nodes as streams, destroying device semantics
Moderate
CVE-2026-35358
was published
for
uu_cp
(Rust)
Jul 6, 2026
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via...
Moderate
Unreviewed
CVE-2026-49090
was published
Jul 1, 2026
A malicious LDAP server, which a Thunderbird user is configured to query for address-book...
Moderate
Unreviewed
CVE-2026-57962
was published
Jul 1, 2026
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a...
Moderate
Unreviewed
CVE-2026-9002
was published
Jun 30, 2026
oban_web: Unbounded range expansion in cron describe causes memory exhaustion
Moderate
CVE-2026-48593
was published
for
oban_web
(Erlang)
Jun 30, 2026
RabbitMQ vulnerable to Denial of Service by publishing large messages over the HTTP API
Moderate
CVE-2023-46118
was published
for
rabbit_common
(Erlang)
Jun 30, 2026
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
Moderate
CVE-2026-48990
was published
for
joserfc
(pip)
Jun 26, 2026
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to...
Moderate
Unreviewed
CVE-2026-57914
was published
Jun 26, 2026
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames,...
Moderate
Unreviewed
CVE-2026-48619
was published
Jun 26, 2026
An attacker can send a web request that causes unlimited memory
allocation in the internal web...
Moderate
Unreviewed
CVE-2026-42005
was published
Jun 25, 2026
jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()
Moderate
CVE-2026-50193
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 23, 2026
Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
Moderate
CVE-2026-52814
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0...
Moderate
Unreviewed
CVE-2026-9320
was published
Jun 22, 2026
pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
Moderate
GHSA-4xgf-cpjx-pc3j
was published
for
pydantic-settings
(pip)
Jun 19, 2026
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance...
Moderate
Unreviewed
CVE-2026-27878
was published
Jun 19, 2026
containerd image-triggered runtime DoS via unbounded group parsing
Moderate
CVE-2026-47262
was published
for
github.com/containerd/containerd
(Go)
Jun 19, 2026
A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a...
Moderate
Unreviewed
CVE-2026-48937
was published
Jun 18, 2026
pypdf: Missing stream length values ignore defined limits
Moderate
GHSA-jm82-fx9c-mx94
was published
for
pypdf
(pip)
Jun 18, 2026
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox...
Moderate
Unreviewed
CVE-2026-12325
was published
Jun 16, 2026
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox...
Moderate
Unreviewed
CVE-2026-12319
was published
Jun 16, 2026
pypdf: Possible large memory usage for form XObjects during text extraction
Moderate
CVE-2026-49461
was published
for
pypdf
(pip)
Jun 16, 2026
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to...
Moderate
Unreviewed
CVE-2026-39197
was published
Jun 15, 2026
markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations
Moderate
CVE-2026-48988
was published
for
markdown-it
(npm)
Jun 15, 2026
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
Moderate
CVE-2026-48125
was published
for
ua-parser-js
(npm)
Jun 15, 2026
ProTip!
Advisories are also available from the
GraphQL API