GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
golang.org/x/crypto: Invoking client can cause server deadlock on unexpected responses
Critical
CVE-2026-39830
was published
for
golang.org/x/crypto
(Go)
Jun 25, 2026
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Low
CVE-2026-9299
was published
for
github.com/omec-project/amf
(Go)
May 26, 2026
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Low
CVE-2026-9301
was published
for
github.com/omec-project/amf
(Go)
May 26, 2026
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Low
CVE-2026-9300
was published
for
github.com/omec-project/amf
(Go)
May 26, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
Low
CVE-2026-8780
was published
for
github.com/omec-project/amf
(Go)
May 18, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
Low
CVE-2026-8779
was published
for
github.com/omec-project/amf
(Go)
May 18, 2026
omec-project amf crashes when processing malformed LocationReports
Low
CVE-2026-8349
was published
for
github.com/omec-project/amf
(Go)
May 12, 2026
GoBGP has Improper Restriction of Operations within the Bounds of a Memory Buffer
Moderate
CVE-2026-7737
was published
for
github.com/osrg/gobgp
(Go)
May 4, 2026
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
High
CVE-2024-36129
was published
for
go.opentelemetry.io/collector/config/configgrpc
(Go)
Jun 5, 2024
Duplicate Advisory: go-codec-dagpb vulnerable to panic when decoding invalid blocks
High
GHSA-967g-cjx4-h7j6
was published
for
github.com/ipld/go-codec-dagpb
(Go)
Dec 28, 2022
•
withdrawn
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
High
CVE-2020-25614
was published
for
github.com/antchfx/xmlquery
(Go)
Oct 7, 2022
Out of bounds memory access in github.com/open-policy-agent/opa
High
CVE-2022-28946
was published
for
github.com/open-policy-agent/opa
(Go)
May 20, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17847
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17143
was published
for
golang.org/x/net
(Go)
May 13, 2022
ipld/go-codec-dagpb panics when processing certain blocks
High
CVE-2022-2584
was published
for
github.com/ipld/go-codec-dagpb
(Go)
Apr 8, 2022
ProTip!
Advisories are also available from the
GraphQL API