GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,112 advisories
monetr: Server-side request forgery in Lunch Flow link creation and refresh
High. CVE-2026-41644 was published for github.com/monetr/monetr (Go) on Apr 22, 2026.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18...
Moderate. Unreviewed. CVE-2025-3922 was published on Apr 22, 2026.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18...
Moderate. Unreviewed. CVE-2025-6016 was published on Apr 22, 2026.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18...
Moderate. Unreviewed. CVE-2026-1660 was published on Apr 22, 2026.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18...
Moderate. Unreviewed. CVE-2025-0186 was published on Apr 22, 2026.
A client can trigger excessive memory allocation by generating a lot of queries that are routed...
Moderate. Unreviewed. CVE-2026-33594 was published on Apr 22, 2026.
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited...
Moderate. Unreviewed. CVE-2026-33254 was published on Apr 22, 2026.
A client can trigger excessive memory allocation by generating a lot of error responses over a...
Moderate. Unreviewed. CVE-2026-33595 was published on Apr 22, 2026.
By publishing and querying a crafted zone an attacker can cause allocation of large entries in...
Moderate. Unreviewed. CVE-2026-33258 was published on Apr 22, 2026.
An attacker can send a web request that causes unlimited memory allocation in the internal web...
Moderate. Unreviewed. CVE-2026-33257 was published on Apr 22, 2026.
An attacker can send a web request that causes unlimited memory allocation in the internal web...
Moderate. Unreviewed. CVE-2026-33256 was published on Apr 22, 2026.
An attacker can send a web request that causes unlimited memory allocation in the internal web...
Moderate. Unreviewed. CVE-2026-33260 was published on Apr 22, 2026.
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Low. Unreviewed. CVE-2026-22018 was published on Apr 21, 2026.
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Low. CVE-2026-39396 was published for github.com/openbao/openbao (Go) on Apr 21, 2026.
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Moderate. CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) on Apr 18, 2026.
Zebra: addr/addrv2 Deserialization Resource Exhaustion
Moderate. CVE-2026-40881 was published for zebra-network (Rust) on Apr 18, 2026.
OpenClaw: Voice-call realtime WebSocket accepted oversized frames
High. GHSA-vw3h-q6xq-jjm5 was published for openclaw (npm) on Apr 17, 2026.
HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
High. CVE-2026-5807 was published for github.com/hashicorp/vault (Go) on Apr 17, 2026.
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High. GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) on Apr 16, 2026.
basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
High. GHSA-rp42-5vxx-qpwr was published for basic-ftp (npm) on Apr 16, 2026.
MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
High. CVE-2026-39313 was published for mcp-framework (npm) on Apr 16, 2026.
SpdyStream: DOS on CRI
High. CVE-2026-35469 was published for github.com/moby/spdystream (Go) on Apr 16, 2026.
XWiki's REST APIs can list all pages/spaces, leading to unavailability
Moderate. CVE-2026-40104 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) on Apr 14, 2026.
Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)
High. CVE-2026-40879 was published for @nestjs/microservices (npm) on Apr 14, 2026.
In monetr, unauthenticated Stripe webhook reads attacker-sized request bodies before signature validation
High. CVE-2026-40481 was published for github.com/monetr/monetr (Go) on Apr 14, 2026.
ProTip! Advisories are also available from the GraphQL API.