GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
82 advisories
Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are...
High | Unreviewed | CVE-2026-41850 was published Jun 9, 2026

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL...
High | Unreviewed | CVE-2026-8889 was published Jun 3, 2026

unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode...
Moderate | Unreviewed | CVE-2026-3276 was published Jun 3, 2026

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume...
High | Unreviewed | CVE-2026-42504 was published Jun 3, 2026

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop...
High | Unreviewed | CVE-2026-48959 was published May 27, 2026

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies...
Moderate | Unreviewed | CVE-2026-44390 was published May 20, 2026

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service...
Moderate | Unreviewed | CVE-2026-41292 was published May 20, 2026

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator...
Moderate | Unreviewed | CVE-2026-42923 was published May 20, 2026

ImageMagick: Policy Bypass in MNG coder could
Moderate | CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026

Absinthe: Quadratic fragment-name uniqueness check
High | CVE-2026-43967 was published for absinthe (Erlang) May 14, 2026

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows...
Low | Unreviewed | CVE-2026-45186 was published May 10, 2026

justhtml introduces denial-of-service hardening
Low | GHSA-r8cj-3554-33mr was published for justhtml (pip) May 8, 2026

hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression
Moderate | GHSA-q2qq-hmj6-3wpp was published for hickory-proto (Rust) May 7, 2026

Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
High | CVE-2026-42304 was published for Twisted (pip) May 5, 2026

webonyx/graphql-php has quadratic validation cost in OverlappingFieldsCanBeMerged via inline fragments
High | GHSA-fc86-6rv6-2jpm was published for webonyx/graphql-php (Composer) May 4, 2026

net-imap has quadratic complexity when reading response literals
Low | CVE-2026-42245 was published for net-imap (RubyGems) May 4, 2026

Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.
High | Unreviewed | CVE-2025-67841 was published Apr 15, 2026

graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
Moderate | CVE-2026-40476 was published for webonyx/graphql-php (Composer) Apr 14, 2026

Vikunja has Algorithmic Complexity DoS in Repeating Task Handler
Moderate | CVE-2026-35599 was published for code.vikunja.io/api (Go) Apr 10, 2026

Pretext: Algorithmic Complexity (DoS) in the text analysis phase
High | GHSA-5478-66c3-rhxr was published for @chenglou/pretext (npm) Apr 8, 2026

Django has potential DoS via MultiPartParser through crafted multipart uploads
Moderate | CVE-2026-33033 was published for Django (pip) Apr 7, 2026

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header
High | CVE-2026-34230 was published for rack (RubyGems) Apr 2, 2026

Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
High | CVE-2026-34827 was published for rack (RubyGems) Apr 2, 2026

parse-server has GraphQL complexity validator exponential fragment traversal DoS
High | CVE-2026-34573 was published for parse-server (npm) Mar 31, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18...
High | Unreviewed | CVE-2026-3988 was published Mar 25, 2026