GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,666 advisories
Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0
Moderate | CVE-2026-42034 was published for axios (npm) | May 5, 2026

Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a...
High | Unreviewed | CVE-2026-7776 was published | May 5, 2026

Axios: HTTP adapter streamed responses bypass maxContentLength
Moderate | CVE-2026-42036 was published for axios (npm) | May 5, 2026

net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
Moderate | CVE-2026-42256 was published for net-imap (RubyGems) | May 4, 2026

Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
High | CVE-2026-42294 was published for github.com/argoproj/argo-workflows/v3 (Go) | May 4, 2026

Incus is affected by unbounded binary import disk exhaustion
Moderate | CVE-2026-41685 was published for github.com/lxc/incus/v6/cmd/incusd (Go) | May 4, 2026

Incus has Unbounded YAML Metadata Decode via Parsing
Low | CVE-2026-41648 was published for github.com/lxc/incus/v6/cmd/incusd (Go) | May 4, 2026

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's...
Moderate | Unreviewed | CVE-2026-6948 was published | May 4, 2026

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial...
Moderate | Unreviewed | CVE-2026-43507 was published | May 1, 2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes...
Moderate | Unreviewed | CVE-2025-36122 was published | May 1, 2026

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can...
High | Unreviewed | CVE-2025-51846 was published | Apr 30, 2026

n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
High | CVE-2026-42236 was published for n8n (npm) | Apr 29, 2026

OneCollector exporter reads unbounded HTTP response bodies
Moderate | CVE-2026-41484 was published for OpenTelemetry.Exporter.OneCollector (NuGet) | Apr 29, 2026

OpenTelemetry.Resources.Azure has an unbounded HTTP response body read
Moderate | CVE-2026-41483 was published for OpenTelemetry.Resources.Azure (NuGet) | Apr 29, 2026

OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Moderate | CVE-2026-41310 was published for OpenTelemetry.Exporter.Zipkin (NuGet) | Apr 28, 2026

CoreDNS' DoQ worker pool does not bound stream backlog
High | CVE-2026-32934 was published for github.com/coredns/coredns (Go) | Apr 28, 2026

russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
High | CVE-2026-42189 was published for russh (Rust) | Apr 24, 2026

OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads
Moderate | CVE-2026-41173 was published for OpenTelemetry.Resources.AWS (NuGet) | Apr 23, 2026

monetr: Server-side request forgery in Lunch Flow link creation and refresh
High | CVE-2026-41644 was published for github.com/monetr/monetr (Go) | Apr 22, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2025-0186 was published | Apr 22, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2025-3922 was published | Apr 22, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2025-6016 was published | Apr 22, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2026-1660 was published | Apr 22, 2026

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited...
Moderate | Unreviewed | CVE-2026-33254 was published | Apr 22, 2026

A client can trigger excessive memory allocation by generating a lot of errors responses over a...
Moderate | Unreviewed | CVE-2026-33595 was published | Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API