GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
377 advisories
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a...
Moderate, Unreviewed. CVE-2025-7010 was published Jun 13, 2026

Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file...
Moderate, Unreviewed. CVE-2025-7005 was published Jun 13, 2026

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash...
High, Unreviewed. CVE-2026-9740 was published Jun 10, 2026

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method...
High, Unreviewed. CVE-2026-49941 was published Jun 4, 2026

Strawberry GraphQL has a Circular Fragment Reference DOS
Moderate. CVE-2026-47706 was published for strawberry-graphql (pip) Jun 4, 2026

Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized...
Moderate, Unreviewed. CVE-2026-47306 was published Jun 4, 2026

Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source...
Moderate, Unreviewed. CVE-2026-47320 was published Jun 4, 2026

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container...
High, Unreviewed. CVE-2026-8936 was published Jun 3, 2026

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected...
Moderate, Unreviewed. CVE-2026-40989 was published Jun 1, 2026

zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
Moderate. CVE-2026-47180 was published for zeroconf (pip) May 29, 2026

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid...
Moderate, Unreviewed. CVE-2026-46217 was published May 28, 2026

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs:...
High, Unreviewed. CVE-2026-46149 was published May 28, 2026

Symfony hardened the parser when handling untrusted input
Low. CVE-2026-45133 was published for symfony/symfony (Composer) May 27, 2026

IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled...
Moderate, Unreviewed. CVE-2026-6936 was published May 27, 2026

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack...
Moderate, Unreviewed. CVE-2026-7453 was published May 26, 2026

SQLFluff: Recursive Stack Overflow in Parser
High. CVE-2026-46373 was published for sqlfluff (pip) May 19, 2026

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
Moderate. CVE-2026-45740 was published for protobufjs (npm) May 19, 2026

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation....
Moderate, Unreviewed. CVE-2026-47317 was published May 19, 2026

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized...
Moderate, Unreviewed. CVE-2026-47309 was published May 19, 2026

ImageMagick: Stack overflow in fx operation
Moderate. CVE-2026-46557 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026

ImageMagick: Policy Bypass in MNG coder could
Moderate. CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when...
Moderate, Unreviewed. CVE-2026-6811 was published May 15, 2026

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect...
High, Unreviewed. CVE-2026-6479 was published May 14, 2026

Apache Commons Configuration: StackOverflowError for YAML input with cycles
Moderate. CVE-2026-45205 was published for org.apache.commons:commons-configuration2 (Maven) May 14, 2026

go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion
Moderate. CVE-2026-44740 was published for github.com/go-git/go-billy/v5 (Go) May 13, 2026