Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
975
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

201 advisories

Loading
@grpc/grpc-js: A malformed request can cause a server crash High
CVE-2026-48068 was published for @grpc/grpc-js (npm) Jun 11, 2026
@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash High
CVE-2026-48069 was published for @grpc/grpc-js (npm) Jun 11, 2026
joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas Moderate
CVE-2026-48038 was published for joi (npm) Jun 11, 2026
kexwin Credited to kexwin
An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that... High Unreviewed
CVE-2026-9509 was published May 29, 2026
IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing... Moderate Unreviewed
CVE-2025-15649 was published May 27, 2026
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item High
CVE-2026-46545 was published for nimiq-primitives (Rust) May 21, 2026
Piravlos Credited to Piravlos and Eligioo Eligioo Eligioo
NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes Moderate
CVE-2026-45554 was published for nicegui (pip) May 18, 2026
bitinerant Credited to bitinerant, evnchn, and falkoschindler evnchn evnchn
falkoschindler falkoschindler
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages High
CVE-2026-45685 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias
OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent Moderate
CVE-2026-45676 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and rafaelroquetto rafaelroquetto rafaelroquetto
multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception High
CVE-2026-8161 was published for multiparty (npm) May 18, 2026
Ser0n-ath Credited to Ser0n-ath, bjohansebas, kq5y, ByamB4, blakeembrey, ljharb, and UlisesGascon bjohansebas bjohansebas
kq5y kq5y ByamB4 ByamB4 blakeembrey blakeembrey ljharb ljharb UlisesGascon UlisesGascon
vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) High
CVE-2026-44001 was published for vm2 (npm) May 7, 2026
koDove Credited to koDove
scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion High
CVE-2026-46689 was published for kanidm_proto (Rust) May 6, 2026
mbarbero Credited to mbarbero
Granian vulnerable to DoS via WSGI response header panic Moderate
CVE-2026-42545 was published for granian (pip) May 6, 2026
Z-Bra0 Credited to Z-Bra0
Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic High
CVE-2026-42544 was published for granian (pip) May 6, 2026
Z-Bra0 Credited to Z-Bra0
gix-pack has multiple DoS vectors: unchecked indexing panics and uncapped OOM allocations from crafted pack data High
GHSA-x494-mj8g-cj27 was published for gix-pack (Rust) May 5, 2026
kodareef5 Credited to kodareef5
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a... High Unreviewed
CVE-2026-37554 was published May 1, 2026
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the... Moderate Unreviewed
CVE-2026-7183 was published Apr 28, 2026
Insufficient parameter verification leads to the occurrence of format errors in files, which will... Moderate Unreviewed
CVE-2026-5937 was published Apr 27, 2026
uutils coreutils has an Uncaught Exception When Encountering Valid but Non-UTF-8 Paths Moderate
CVE-2026-35348 was published for coreutils (Rust) Apr 22, 2026
Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients Moderate
CVE-2026-41585 was published for zebra-rpc (Rust) Apr 18, 2026
upbqdn Credited to upbqdn, mpguerra, and conradoplg mpguerra mpguerra
conradoplg conradoplg
Wasmtime has host panic when Winch compiler executes `table.fill` Moderate
CVE-2026-34946 was published for wasmtime (Rust) Apr 9, 2026
shumbo Credited to shumbo and alexcrichton alexcrichton alexcrichton
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 Moderate
CVE-2026-34944 was published for wasmtime (Rust) Apr 9, 2026
shumbo Credited to shumbo and alexcrichton alexcrichton alexcrichton
Wasmtime has a possible panic when lifting `flags` component value Moderate
CVE-2026-34943 was published for wasmtime (Rust) Apr 9, 2026
alexcrichton Credited to alexcrichton
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server... High Unreviewed
CVE-2026-24175 was published Apr 7, 2026
Go JOSE Panics in JWE decryption High
CVE-2026-34986 was published for github.com/go-jose/go-jose (Go) Apr 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database