GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
1,750 advisories
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7,...
Moderate
Unreviewed
CVE-2026-1402 was published May 27, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service...
Moderate
Unreviewed
CVE-2026-6053 was published May 27, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service...
High
Unreviewed
CVE-2026-1718 was published May 27, 2026
Pterodactyl has a database resource limit bypass via race condition in Client API
Low
CVE-2026-35202 was published for pterodactyl/panel (Composer) May 26, 2026
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used...
High
Unreviewed
CVE-2025-11482 was published May 26, 2026
twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments
Low
CVE-2026-46629 was published for twig/intl-extra (Composer) May 21, 2026
Russh: Unchecked CryptoVec allocation and growth handling is reachable
High
CVE-2026-46673 was published for russh (Rust) May 21, 2026
NocoDB: Attachment Size Limit Bypass via Upload-by-URL
Low
CVE-2026-46553 was published for nocodb (npm) May 21, 2026
NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
Moderate
CVE-2026-46551 was published for nocodb (npm) May 21, 2026
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2...
Low
Unreviewed
CVE-2026-44070 was published May 21, 2026
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit...
Moderate
Unreviewed
CVE-2026-8486 was published May 20, 2026
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit...
Moderate
Unreviewed
CVE-2026-8488 was published May 20, 2026
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
High
CVE-2026-8468 was published for plug (Erlang) May 20, 2026
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server...
High
Unreviewed
CVE-2026-9064 was published May 20, 2026
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
Moderate
CVE-2026-45802 was published for setasign/fpdi (Composer) May 19, 2026
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
High
CVE-2026-39803 was published for bandit (Erlang) May 19, 2026
Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes
High
CVE-2026-45713 was published for github.com/axllent/mailpit (Go) May 19, 2026
Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)
Moderate
CVE-2026-45712 was published for github.com/axllent/mailpit (Go) May 19, 2026
Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString
High
GHSA-24c8-4792-22hx was published for scriban (NuGet) May 19, 2026
NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes
Moderate
CVE-2026-45554 was published for nicegui (pip) May 18, 2026
OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
Moderate
CVE-2026-45682 was published for go.opentelemetry.io/obi (Go) May 18, 2026
ImageMagick: Policy Bypass in PSD decoder
Moderate
CVE-2026-45031 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
iskorotkov/avro: Denial-of-Service Vulnerability in Decoder
High
GHSA-mx64-mj3q-7prj was published for github.com/iskorotkov/avro/v2 (Go) May 18, 2026
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the...
Moderate
Unreviewed
CVE-2026-2325 was published May 18, 2026
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
High
Unreviewed
CVE-2021-47959 was published May 15, 2026
ProTip! Advisories are also available from the GraphQL API