GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
45 advisories
Filter by severity
Tesla vulnerable to atom exhaustion via untrusted URL scheme
High
CVE-2026-48597
was published
for
tesla
(Erlang)
Jul 10, 2026
Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering
High
CVE-2026-48595
was published
for
tesla
(Erlang)
Jul 10, 2026
Tesla has decompression bomb on response body
High
CVE-2026-48594
was published
for
tesla
(Erlang)
Jul 10, 2026
mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS
High
CVE-2026-48862
was published
for
mint
(Erlang)
Jul 9, 2026
mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood)
High
CVE-2026-49754
was published
for
mint
(Erlang)
Jul 9, 2026
ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass
High
CVE-2026-47074
was published
for
ex_aws_sns
(Erlang)
Jun 26, 2026
Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes
High
CVE-2026-47067
was published
for
hackney
(Erlang)
Jun 26, 2026
Hackney has unbounded buffer accumulation in WebSocket
High
CVE-2026-47073
was published
for
hackney
(Erlang)
Jun 26, 2026
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM
High
CVE-2026-47077
was published
for
hackney
(Erlang)
Jun 26, 2026
Hackney: `ssl:connect/2` post-handshake upgrade has no timeout
High
CVE-2026-47071
was published
for
hackney
(Erlang)
Jun 26, 2026
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry
High
CVE-2026-47066
was published
for
hackney
(Erlang)
Jun 26, 2026
PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)
High
CVE-2026-8469
was published
for
phoenix_storybook
(Erlang)
Jun 9, 2026
Duplicate Advisory: Hackney has an Allocation of Resources Without Limits or Throttling vulnerabilit
High
GHSA-76v6-f83q-pxvh
was published
for
hackney
(Erlang)
May 26, 2026
•
withdrawn
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
High
CVE-2026-8468
was published
for
plug
(Erlang)
May 20, 2026
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder
High
CVE-2026-39806
was published
for
bandit
(Erlang)
May 19, 2026
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
High
CVE-2026-39803
was published
for
bandit
(Erlang)
May 19, 2026
Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`
High
CVE-2026-32687
was published
for
postgrex
(Erlang)
May 18, 2026
Absinthe: Quadratic fragment-name uniqueness check
High
CVE-2026-43967
was published
for
absinthe
(Erlang)
May 14, 2026
Absinthe: Unbounded atom creation from parsed directive name
High
CVE-2026-42793
was published
for
absinthe
(Erlang)
May 14, 2026
cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
High
CVE-2026-43970
was published
for
cowlib
(Erlang)
May 13, 2026
Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
High
CVE-2026-8466
was published
for
cowboy
(Erlang)
May 13, 2026
cowlib cow_http_te module: Uncontrolled Resource Consumption vulnerability allows Excessive Allocation
High
CVE-2026-7790
was published
for
cowlib
(Erlang)
May 11, 2026
Phoenix: Long-poll NDJSON body splitting causes large memory allocation
High
CVE-2026-32689
was published
for
phoenix
(Erlang)
May 8, 2026
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
High
CVE-2026-44700
was published
for
ex_webrtc
(Erlang)
May 8, 2026
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion
High
CVE-2026-42786
was published
for
bandit
(Erlang)
May 7, 2026
ProTip!
Advisories are also available from the
GraphQL API