GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
3,680 advisories
Filter by severity
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack...
Moderate
Unreviewed
CVE-2026-41711
was published
Jun 10, 2026
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0...
High
Unreviewed
CVE-2026-40988
was published
Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
Moderate
Unreviewed
CVE-2026-47905
was published
Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
Moderate
Unreviewed
CVE-2026-47902
was published
Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
Moderate
Unreviewed
CVE-2026-47904
was published
Jun 10, 2026
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an...
High
Unreviewed
CVE-2026-34713
was published
Jun 10, 2026
An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows...
Moderate
Unreviewed
CVE-2026-36724
was published
Jun 9, 2026
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the...
High
Unreviewed
CVE-2025-55658
was published
Jun 9, 2026
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW...
High
Unreviewed
CVE-2026-30141
was published
Jun 9, 2026
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c)...
High
Unreviewed
CVE-2025-52293
was published
Jun 9, 2026
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over...
High
Unreviewed
CVE-2026-49160
was published
Jun 9, 2026
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not...
Moderate
Unreviewed
CVE-2026-11790
was published
Jun 9, 2026
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing...
Moderate
Unreviewed
CVE-2026-41840
was published
Jun 9, 2026
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when...
High
Unreviewed
CVE-2026-41842
was published
Jun 9, 2026
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may...
High
Unreviewed
CVE-2026-40984
was published
Jun 9, 2026
In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may...
High
Unreviewed
CVE-2026-40983
was published
Jun 9, 2026
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
High
CVE-2026-47736
was published
for
puma
(RubyGems)
Jun 8, 2026
Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
Moderate
CVE-2026-47734
was published
for
dulwich
(pip)
Jun 8, 2026
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
Moderate
CVE-2026-47244
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 8, 2026
Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
High
CVE-2026-44892
was published
for
io.netty:netty-codec-http3
(Maven)
Jun 8, 2026
Netty has Unbounded Direct Memory Consumption in its RedisDecoder
High
CVE-2026-44890
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 8, 2026
Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
High
CVE-2026-44250
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 8, 2026
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin...
Moderate
Unreviewed
CVE-2026-11611
was published
Jun 8, 2026
Routinator crashes when encountering maliciously crafted RRDP XML files
High
CVE-2026-49235
was published
for
routinator
(Rust)
Jun 8, 2026
A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This...
Low
Unreviewed
CVE-2026-11478
was published
Jun 8, 2026
ProTip!
Advisories are also available from the
GraphQL API