GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,678 advisories
Filter by severity
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not...
High
Unreviewed
CVE-2026-9165
was published
Jul 6, 2026
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7,...
High
Unreviewed
CVE-2026-45169
was published
Jun 12, 2026
`melange update-cache` has unbounded HTTP download that can exhaust disk in CI
Moderate
CVE-2026-29049
was published
for
chainguard.dev/melange
(Go)
Mar 2, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Moderate
CVE-2026-48043
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 11, 2026
SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
High
CVE-2026-46374
was published
for
sqlfluff
(pip)
May 19, 2026
Uncontrolled Resource Consumption vulnerability in Apache IoTDB.
Some interface fails to impose...
High
Unreviewed
CVE-2026-24012
was published
Jul 6, 2026
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication)
Moderate
CVE-2026-35365
was published
for
uu_mv
(Rust)
Jul 6, 2026
cp: -R reads device nodes as streams, destroying device semantics
Moderate
CVE-2026-35358
was published
for
uu_cp
(Rust)
Jul 6, 2026
An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of...
High
Unreviewed
CVE-2026-52192
was published
Jul 2, 2026
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre...
High
Unreviewed
CVE-2026-40140
was published
Jul 6, 2026
CosmWasm wasmd has large address count in ValidateBasic
Moderate
GHSA-m3rh-cvr5-x6q4
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 8, 2024
Apache Tomcat Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-54677
was published
for
org.apache.tomcat:tomcat
(Maven)
Dec 17, 2024
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Moderate
GHSA-xw6w-9jjh-p9cr
was published
for
Scriban
(NuGet)
Mar 24, 2026
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service
High
GHSA-c875-h985-hvrc
was published
for
Scriban.Signed
(NuGet)
Mar 24, 2026
An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows...
High
Unreviewed
CVE-2025-44528
was published
Jun 23, 2025
Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a...
Moderate
Unreviewed
CVE-2022-22899
was published
Feb 18, 2022
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram...
Low
Unreviewed
CVE-2026-14684
was published
Jul 5, 2026
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function...
Low
Unreviewed
CVE-2026-14683
was published
Jul 5, 2026
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive...
Unknown
Unreviewed
CVE-2026-26307
was published
Jul 3, 2026
Spring Framework DoS with Multipart Temp Files in WebFlux
Moderate
CVE-2026-22740
was published
for
org.springframework:spring-webflux
(Maven)
Apr 29, 2026
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch
High
CVE-2026-50196
was published
for
Steeltoe.Discovery.Eureka
(NuGet)
Jul 2, 2026
SimpleSAMLphp has Possible DoS via XPath Transform
High
CVE-2026-49289
was published
for
simplesamlphp/saml2
(Composer)
Jul 2, 2026
In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did...
High
Unreviewed
CVE-2026-9563
was published
Jul 2, 2026
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache...
High
Unreviewed
CVE-2026-54428
was published
Jul 1, 2026
A malicious LDAP server, which a Thunderbird user is configured to query for address-book...
Moderate
Unreviewed
CVE-2026-57962
was published
Jul 1, 2026
ProTip!
Advisories are also available from the
GraphQL API