GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,656 advisories
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can...
High | Unreviewed | CVE-2025-51846 was published | Apr 30, 2026
n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
High | CVE-2026-42236 was published for n8n (npm) | Apr 29, 2026
OneCollector exporter reads unbounded HTTP response bodies
Moderate | CVE-2026-41484 was published for OpenTelemetry.Exporter.OneCollector (NuGet) | Apr 29, 2026
OpenTelemetry.Resources.Azure has an unbounded HTTP response body read
Moderate | CVE-2026-41483 was published for OpenTelemetry.Resources.Azure (NuGet) | Apr 29, 2026
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Moderate | CVE-2026-41310 was published for OpenTelemetry.Exporter.Zipkin (NuGet) | Apr 28, 2026
CoreDNS' DoQ worker pool does not bound stream backlog
High | CVE-2026-32934 was published for github.com/coredns/coredns (Go) | Apr 28, 2026
russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
High | GHSA-f5v4-2wr6-hqmg was published for russh (Rust) | Apr 24, 2026
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads
Moderate | CVE-2026-41173 was published for OpenTelemetry.Resources.AWS (NuGet) | Apr 23, 2026
monetr: Server-side request forgery in Lunch Flow link creation and refresh
High | CVE-2026-41644 was published for github.com/monetr/monetr (Go) | Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2025-0186 was published | Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2025-3922 was published | Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2025-6016 was published | Apr 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18...
Moderate | Unreviewed | CVE-2026-1660 was published | Apr 22, 2026
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited...
Moderate | Unreviewed | CVE-2026-33254 was published | Apr 22, 2026
A client can trigger excessive memory allocation by generating a lot of error responses over a...
Moderate | Unreviewed | CVE-2026-33595 was published | Apr 22, 2026
A client can trigger excessive memory allocation by generating a lot of queries that are routed...
Moderate | Unreviewed | CVE-2026-33594 was published | Apr 22, 2026
By publishing and querying a crafted zone an attacker can cause allocation of large entries in...
Moderate | Unreviewed | CVE-2026-33258 was published | Apr 22, 2026
An attacker can send a web request that causes unlimited memory allocation in the internal web...
Moderate | Unreviewed | CVE-2026-33256 was published | Apr 22, 2026
An attacker can send a web request that causes unlimited memory allocation in the internal web...
Moderate | Unreviewed | CVE-2026-33257 was published | Apr 22, 2026
An attacker can send a web request that causes unlimited memory allocation in the internal web...
Moderate | Unreviewed | CVE-2026-33260 was published | Apr 22, 2026
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Low | Unreviewed | CVE-2026-22018 was published | Apr 21, 2026
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Low | CVE-2026-39396 was published for github.com/openbao/openbao (Go) | Apr 21, 2026
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Moderate | CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) | Apr 18, 2026
Zebra: addr/addrv2 Deserialization Resource Exhaustion
Moderate | CVE-2026-40881 was published for zebra-network (Rust) | Apr 18, 2026
OpenClaw: Voice-call realtime WebSocket accepted oversized frames
High | GHSA-vw3h-q6xq-jjm5 was published for openclaw (npm) | Apr 17, 2026