GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
45 advisories
Filter by severity
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob...
High
Unreviewed
CVE-2026-59094
was published
Jul 2, 2026
fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the -...
Moderate
Unreviewed
CVE-2026-53433
was published
Jun 30, 2026
Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are...
High
Unreviewed
CVE-2026-41850
was published
Jun 9, 2026
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL...
High
Unreviewed
CVE-2026-8889
was published
Jun 3, 2026
unicodedata.normalize() can take excessive CPU time when processing
specially crafted Unicode...
Moderate
Unreviewed
CVE-2026-3276
was published
Jun 3, 2026
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume...
High
Unreviewed
CVE-2026-42504
was published
Jun 3, 2026
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop...
High
Unreviewed
CVE-2026-48959
was published
May 27, 2026
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies...
Moderate
Unreviewed
CVE-2026-44390
was published
May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator...
Moderate
Unreviewed
CVE-2026-42923
was published
May 20, 2026
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service...
Moderate
Unreviewed
CVE-2026-41292
was published
May 20, 2026
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows...
Low
Unreviewed
CVE-2026-45186
was published
May 10, 2026
Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.
High
Unreviewed
CVE-2025-67841
was published
Apr 15, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18...
High
Unreviewed
CVE-2026-3988
was published
Mar 25, 2026
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU ...
Moderate
Unreviewed
CVE-2025-14831
was published
Feb 9, 2026
When building nested elements using xml.dom.minidom methods such as appendChild() that have a...
Moderate
Unreviewed
CVE-2025-12084
was published
Dec 3, 2025
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of...
Low
Unreviewed
CVE-2025-66382
was published
Nov 28, 2025
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of...
High
Unreviewed
CVE-2025-11230
was published
Nov 19, 2025
Due to the design of the name constraint checking algorithm, the processing time of some inputs...
Moderate
Unreviewed
CVE-2025-58187
was published
Oct 30, 2025
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash...
High
Unreviewed
CVE-2025-27209
was published
Jul 19, 2025
mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain...
Low
Unreviewed
CVE-2023-30421
was published
Apr 20, 2025
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and...
Moderate
Unreviewed
CVE-2025-30348
was published
Mar 21, 2025
The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function,...
Moderate
Unreviewed
CVE-2025-24946
was published
Feb 20, 2025
A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka...
Moderate
Unreviewed
CVE-2025-24947
was published
Feb 20, 2025
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a...
Moderate
Unreviewed
CVE-2024-12133
was published
Feb 10, 2025
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an...
Moderate
Unreviewed
CVE-2024-12243
was published
Feb 10, 2025
ProTip!
Advisories are also available from the
GraphQL API