Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,653
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,860
Pub
13
RubyGems
1,050
Rust
1,304
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3,394 advisories

Loading
An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a... High Unreviewed
CVE-2026-37459 was published May 4, 2026
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the... Moderate Unreviewed
CVE-2025-70071 was published May 4, 2026
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the... High Unreviewed
CVE-2025-70069 was published May 4, 2026
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe ... High Unreviewed
CVE-2026-42467 was published May 1, 2026
Apache Neethi does not properly detect circular references in policy definitions. When a WS... High Unreviewed
CVE-2026-42403 was published May 1, 2026
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in... High Unreviewed
CVE-2026-42402 was published May 1, 2026
CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14... Moderate Unreviewed
CVE-2026-40951 was published Apr 30, 2026
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a... High Unreviewed
CVE-2026-36958 was published Apr 30, 2026
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via... High Unreviewed
CVE-2026-36957 was published Apr 30, 2026
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer High
CVE-2026-41680 was published for marked (npm) Apr 29, 2026
MaanVader Credited to MaanVader
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions High
CVE-2026-40902 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026
offset Credited to offset
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader High
CVE-2026-40863 was published for phpoffice/phpspreadsheet (Composer) Apr 29, 2026
offset Credited to offset
A WebFlux server application that processes multipart requests creates temp files for parts... Low Unreviewed
CVE-2026-22740 was published Apr 29, 2026
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving... Moderate Unreviewed
CVE-2026-22745 was published Apr 29, 2026
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure Moderate
CVE-2026-41310 was published for OpenTelemetry.Exporter.Zipkin (NuGet) Apr 28, 2026
Kielek Credited to Kielek, martincostello, and arminru martincostello martincostello
arminru arminru
CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification High
CVE-2026-32936 was published for github.com/coredns/coredns (Go) Apr 28, 2026
thesmartshadow Credited to thesmartshadow
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable... Moderate Unreviewed
CVE-2026-40980 was published Apr 28, 2026
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows... Moderate Unreviewed
CVE-2026-35901 was published Apr 27, 2026
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows... High Unreviewed
CVE-2026-30350 was published Apr 27, 2026
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of... Moderate Unreviewed
CVE-2026-31052 was published Apr 24, 2026
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of... Low Unreviewed
CVE-2026-31051 was published Apr 24, 2026
Grafana Tempo has an Uncontrolled Resource Consumption issue High
CVE-2026-21728 was published for github.com/grafana/tempo (Go) Apr 24, 2026
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service High
CVE-2026-41135 was published for github.com/free5gc/pcf (Go) Apr 22, 2026
Giancannella Credited to Giancannella
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service,... Moderate Unreviewed
CVE-2026-33610 was published Apr 22, 2026
A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit... Moderate Unreviewed
CVE-2026-6844 was published Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database