Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,678 advisories

Loading
`melange update-cache` has unbounded HTTP download that can exhaust disk in CI Moderate
CVE-2026-29049 was published for chainguard.dev/melange (Go) Mar 2, 2026
1seal Credited to 1seal, antitree, and 89luca89 antitree antitree
89luca89 89luca89
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser High
CVE-2026-46374 was published for sqlfluff (pip) May 19, 2026
mv: symlinks expanded during cross-device move (resource exhaustion / data duplication) Moderate
CVE-2026-35365 was published for uu_mv (Rust) Jul 6, 2026
cp: -R reads device nodes as streams, destroying device semantics Moderate
CVE-2026-35358 was published for uu_cp (Rust) Jul 6, 2026
CosmWasm wasmd has large address count in ValidateBasic Moderate
GHSA-m3rh-cvr5-x6q4 was published for github.com/CosmWasm/wasmd (Go) Aug 8, 2024
sushiwushi Credited to sushiwushi and cookesan cookesan cookesan
Apache Tomcat Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-54677 was published for org.apache.tomcat:tomcat (Maven) Dec 17, 2024
yusuke-koyoshi Credited to yusuke-koyoshi
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation Moderate
GHSA-xw6w-9jjh-p9cr was published for Scriban (NuGet) Mar 24, 2026
offset Credited to offset and adamus2 adamus2 adamus2
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service High
GHSA-c875-h985-hvrc was published for Scriban.Signed (NuGet) Mar 24, 2026
Zwique Credited to Zwique and adamus2 adamus2 adamus2
Spring Framework DoS with Multipart Temp Files in WebFlux Moderate
CVE-2026-22740 was published for org.springframework:spring-webflux (Maven) Apr 29, 2026
yuki-matsuhashi Credited to yuki-matsuhashi
Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch High
CVE-2026-50196 was published for Steeltoe.Discovery.Eureka (NuGet) Jul 2, 2026
SimpleSAMLphp has Possible DoS via XPath Transform High
CVE-2026-49289 was published for simplesamlphp/saml2 (Composer) Jul 2, 2026
ahacker1-securesaml Credited to ahacker1-securesaml
ProTip! Advisories are also available from the GraphQL API