GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
127,899 advisories
Netty has Unbounded Direct Memory Consumption in its RedisDecoder
High | CVE-2026-44890 was published for io.netty:netty-codec-redis (Maven) | Jun 8, 2026

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
High | CVE-2026-44250 was published for io.netty:netty-codec-redis (Maven) | Jun 8, 2026

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
High | CVE-2026-44249 was published for io.netty:netty-handler (Maven) | Jun 8, 2026

MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
High | CVE-2026-46519 was published for mcp-server-kubernetes (npm) | May 21, 2026

CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
High | CVE-2026-32936 was published for github.com/coredns/coredns (Go) | Apr 28, 2026

tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape
High | CVE-2026-44705 was published for tmp (npm) | May 27, 2026

axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
High | CVE-2026-44495 was published for axios (npm) | May 29, 2026

axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
High | CVE-2026-44494 was published for axios (npm) | May 29, 2026

Allocation of Resources Without Limits or Throttling in Axios
High | CVE-2026-44488 was published for axios (npm) | Jun 4, 2026

Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter
High | CVE-2026-44487 was published for axios (npm) | Jun 4, 2026

Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection
High | CVE-2026-44486 was published for axios (npm) | Jun 4, 2026

TYPO3 CMS has Broken Access Control in its Media Module
High | CVE-2026-49742 was published for typo3/cms-core (Composer) | Jun 12, 2026

Routinator crashes when sending a maliciously crafted select-asn query parameter
High | CVE-2026-49234 was published for routinator (Rust) | Jun 8, 2026

Routinator crashes when encountering maliciously crafted RRDP XML files
High | CVE-2026-49235 was published for routinator (Rust) | Jun 8, 2026

Routinator has cache path traversal when processing the module component of rsync URIs
High | CVE-2026-49233 was published for routinator (Rust) | Jun 8, 2026

An authorization bypass through user-controlled key vulnerability has been reported to affect...
High | Unreviewed | CVE-2026-44083 was published | Jun 9, 2026

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating...
High | Unreviewed | CVE-2026-41539 was published | Jun 9, 2026

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute...
High | Unreviewed | CVE-2026-44801 was published | Jun 9, 2026

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers...
High | Unreviewed | CVE-2026-26236 was published | Jun 9, 2026

Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow...
High | Unreviewed | CVE-2026-33590 was published | May 28, 2026

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows...
High | Unreviewed | CVE-2026-8828 was published | Jun 12, 2026

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for...
High | Unreviewed | CVE-2026-53406 was published | Jun 12, 2026

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16...
High | Unreviewed | CVE-2026-6961 was published | Jun 12, 2026

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a...
High | Unreviewed | CVE-2026-40677 was published | Jun 12, 2026

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project...
High | Unreviewed | CVE-2026-45830 was published | Jun 12, 2026

ProTip! Advisories are also available from the GraphQL API