GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
229 advisories
Filter by severity
Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
Moderate
CVE-2026-52814
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
containerd image-triggered runtime DoS via unbounded group parsing
Moderate
CVE-2026-47262
was published
for
github.com/containerd/containerd
(Go)
Jun 19, 2026
File Browser has a DoS Vulnerability via Public Login API
High
CVE-2026-54092
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 12, 2026
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
High
CVE-2026-48050
was published
for
github.com/basekick-labs/arc
(Go)
Jun 11, 2026
klever-go: REST API slow-header connection exhaustion via Gin Engine.Run
High
CVE-2026-52880
was published
for
github.com/klever-io/klever-go
(Go)
Jun 5, 2026
klever-go: Unbounded goroutine spawn on direct-message ingress enables peer-driven DoS
High
CVE-2026-52879
was published
for
github.com/klever-io/klever-go
(Go)
Jun 5, 2026
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Moderate
CVE-2026-49343
was published
for
github.com/klever-io/klever-go
(Go)
Jun 5, 2026
Klever-Go KVM: Hash-array amplification in P2P resolver request handling
High
CVE-2026-47249
was published
for
github.com/klever-io/klever-go
(Go)
Jun 5, 2026
Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)
High
GHSA-74m6-4hjp-7226
was published
for
github.com/klever-io/klever-go
(Go)
Jun 4, 2026
go-git: Malformed Git object data may cause panics or resource exhaustion
Moderate
GHSA-w5pp-99ch-qj29
was published
for
github.com/go-git/go-git/v5
(Go)
May 29, 2026
Go Net HTML parser is vulnerable to denial of service
Moderate
CVE-2026-25680
was published
for
golang.org/x/net
(Go)
May 26, 2026
Mattermost doesn't validate the TIFF IFD offset in the image header before allocating memory
Moderate
CVE-2026-5755
was published
for
github.com/mattermost/mattermost-server
(Go)
May 26, 2026
Mattermost doesn't enforce request body size limits on plugin HTTP endpoints
High
CVE-2026-5308
was published
for
github.com/mattermost/mattermost-plugin-github
(Go)
May 26, 2026
Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes
High
CVE-2026-45713
was published
for
github.com/axllent/mailpit
(Go)
May 19, 2026
OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU
Moderate
CVE-2026-45680
was published
for
go.opentelemetry.io/obi
(Go)
May 18, 2026
iskorotkov/avro: CPU Exhaustion in Decoder
High
CVE-2026-46385
was published
for
github.com/iskorotkov/avro/v2
(Go)
May 18, 2026
iskorotkov/avro: Denial-of-Service Vulnerability in Decoder
High
GHSA-mx64-mj3q-7prj
was published
for
github.com/iskorotkov/avro/v2
(Go)
May 18, 2026
Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding
High
CVE-2026-45047
was published
for
github.com/xddxdd/bird-lg-go
(Go)
May 11, 2026
Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size
Moderate
CVE-2026-44247
was published
for
volcano.sh/volcano
(Go)
May 8, 2026
Prometheus: Remote read endpoint allows denial of service via crafted snappy payload
High
CVE-2026-42154
was published
for
github.com/prometheus/prometheus
(Go)
May 5, 2026
CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
High
CVE-2026-32936
was published
for
github.com/coredns/coredns
(Go)
Apr 28, 2026
Grafana Tempo has an Uncontrolled Resource Consumption issue
High
CVE-2026-21728
was published
for
github.com/grafana/tempo
(Go)
Apr 24, 2026
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
High
CVE-2026-41135
was published
for
github.com/free5gc/pcf
(Go)
Apr 22, 2026
Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
Moderate
CVE-2026-40924
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Low
CVE-2026-39396
was published
for
github.com/openbao/openbao
(Go)
Apr 21, 2026
ProTip!
Advisories are also available from the
GraphQL API