GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,680 advisories
Filter by severity
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to...
Moderate
Unreviewed
CVE-2026-39197
was published
Jun 15, 2026
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may...
High
Unreviewed
CVE-2026-41708
was published
Jun 15, 2026
Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length
High
CVE-2026-50011
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 15, 2026
markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations
Moderate
CVE-2026-48988
was published
for
markdown-it
(npm)
Jun 15, 2026
python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service
High
CVE-2026-53539
was published
for
python-multipart
(pip)
Jun 15, 2026
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
Moderate
CVE-2026-48125
was published
for
ua-parser-js
(npm)
Jun 15, 2026
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
High
CVE-2026-45591
was published
for
Microsoft.AspNetCore.App.Runtime.linux-x64
(NuGet)
Jun 15, 2026
PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS
Moderate
CVE-2026-48525
was published
for
pyjwt
(pip)
Jun 15, 2026
@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)
High
CVE-2026-54268
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)
High
CVE-2026-50171
was published
for
@angular/common
(npm)
Jun 15, 2026
ws: Memory exhaustion DoS from tiny fragments and data chunks
High
CVE-2026-48779
was published
for
ws
(npm)
Jun 15, 2026
File Browser has a DoS Vulnerability via Public Login API
High
CVE-2026-54092
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 12, 2026
pypdf: Possible large memory usage for large offsets for layout mode text
Moderate
CVE-2026-48155
was published
for
pypdf
(pip)
Jun 12, 2026
SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS
High
CVE-2026-28980
was published
for
github.com/apple/swift-nio
(Swift)
Jun 12, 2026
There is no restriction on the amount of attachment headers that a message can contain when being...
High
Unreviewed
CVE-2026-50645
was published
Jun 12, 2026
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7,...
High
Unreviewed
CVE-2026-45169
was published
Jun 12, 2026
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
High
CVE-2026-48050
was published
for
github.com/basekick-labs/arc
(Go)
Jun 11, 2026
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Moderate
CVE-2026-48045
was published
for
zeroconf
(pip)
Jun 11, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Moderate
CVE-2026-48043
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 11, 2026
@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash
High
CVE-2026-48069
was published
for
@grpc/grpc-js
(npm)
Jun 11, 2026
joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
Moderate
CVE-2026-48038
was published
for
joi
(npm)
Jun 11, 2026
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
High
Unreviewed
CVE-2026-5497
was published
Jun 11, 2026
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication...
High
Unreviewed
CVE-2026-10143
was published
Jun 11, 2026
Acknowledgement extension out of memory
High
CVE-2025-53114
was published
for
org.cometd.java:cometd-java-server-common
(Maven)
Jun 10, 2026
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition...
Moderate
Unreviewed
CVE-2026-41721
was published
Jun 10, 2026
ProTip!
Advisories are also available from the
GraphQL API