Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

95 advisories

Loading
@conform-to/dom parseSubmission vulnerable to CPU exhaustion when parsing many unique form fields High
CVE-2026-49250 was published for @conform-to/dom (npm) Jul 2, 2026
jviide Credited to jviide
tonghuaroot Credited to tonghuaroot
MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings Moderate
CVE-2026-48516 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps Moderate
CVE-2026-48511 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
AArnott Credited to AArnott
py7zr: O(n^2) algorithmic complexity DoS in PackInfo._read() Moderate
CVE-2026-55206 was published for py7zr (pip) Jun 19, 2026
0xHunSec Credited to 0xHunSec
parse-server: Denial of service via exponential-time processing of deeply nested query operators High
GHSA-cgxm-vr2f-6fj8 was published for parse-server (npm) Jun 19, 2026
sajdakabir Credited to sajdakabir and mtrezza mtrezza mtrezza
pypdf: Inefficient decoding of FlateDecode PNG predictor streams Moderate
CVE-2026-49460 was published for pypdf (pip) Jun 16, 2026
manop55555 Credited to manop55555 and stefan6419846 stefan6419846 stefan6419846
markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations Moderate
CVE-2026-48988 was published for markdown-it (npm) Jun 15, 2026
tndud042713 Credited to tndud042713
python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service High
CVE-2026-53539 was published for python-multipart (pip) Jun 15, 2026
maxisbey Credited to maxisbey
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases Moderate
CVE-2026-53550 was published for js-yaml (npm) Jun 15, 2026
0xbughunter Credited to 0xbughunter, soren121, mazze93, G-Rath, dargmuesli, and omgovich soren121 soren121
mazze93 mazze93 G-Rath G-Rath dargmuesli dargmuesli omgovich omgovich
ImageMagick: Policy Bypass in MNG coder could Moderate
CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
pucagit Credited to pucagit
Absinthe: Quadratic fragment-name uniqueness check High
CVE-2026-43967 was published for absinthe (Erlang) May 14, 2026
PJUllrich Credited to PJUllrich and cschiewek cschiewek cschiewek
justhtml introduces denial-of-service hardening Low
GHSA-r8cj-3554-33mr was published for justhtml (pip) May 8, 2026
EmilStenstrom Credited to EmilStenstrom
ProTip! Advisories are also available from the GraphQL API