GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,785 advisories
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Moderate
CVE-2026-28975 was published for github.com/apple/swift-nio-extras (Swift) Jun 12, 2026
SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS
High
CVE-2026-28980 was published for github.com/apple/swift-nio (Swift) Jun 12, 2026
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers...
Moderate, Unreviewed
CVE-2026-53781 was published Jun 11, 2026
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Moderate
CVE-2026-48045 was published for zeroconf (pip) Jun 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8,...
High, Unreviewed
CVE-2026-7250 was published Jun 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8,...
Moderate, Unreviewed
CVE-2026-1500 was published Jun 11, 2026
An allocation of resources without limits or throttling vulnerability has been reported to affect...
Moderate, Unreviewed
CVE-2026-24720 was published Jun 10, 2026
In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
Moderate
CVE-2026-41726 was published for org.springframework.kafka:spring-kafka (Maven) Jun 10, 2026
Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied...
High, Unreviewed
CVE-2026-41716 was published Jun 10, 2026
PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)
High
CVE-2026-8469 was published for phoenix_storybook (Erlang) Jun 9, 2026
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system...
Moderate, Unreviewed
CVE-2026-28237 was published Jun 9, 2026
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows...
Moderate, Unreviewed
CVE-2026-49955 was published Jun 9, 2026
Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be...
Moderate, Unreviewed
CVE-2026-41851 was published Jun 9, 2026
An attacker can craft a large number of unique requests that trigger a failure, exhausting the...
Moderate, Unreviewed
CVE-2026-41710 was published Jun 9, 2026
Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on...
High, Unreviewed
CVE-2026-41007 was published Jun 9, 2026
Netty: SCTP reassembly nests buffers without bound
High
CVE-2026-46340 was published for io.netty:netty-transport-sctp (Maven) Jun 8, 2026
Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
High
CVE-2026-45416 was published for io.netty:netty-handler (Maven) Jun 8, 2026
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a...
High, Unreviewed
CVE-2026-43973 was published Jun 8, 2026
klever-go: REST API slow-header connection exhaustion via Gin Engine.Run
High
CVE-2026-52880 was published for github.com/klever-io/klever-go (Go) Jun 5, 2026
klever-go: Unbounded goroutine spawn on direct-message ingress enables peer-driven DoS
High
CVE-2026-52879 was published for github.com/klever-io/klever-go (Go) Jun 5, 2026
In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted...
Moderate, Unreviewed
CVE-2026-50589 was published Jun 5, 2026
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an...
Moderate, Unreviewed
CVE-2026-36499 was published Jun 4, 2026
Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability....
High, Unreviewed
CVE-2025-46638 was published Jun 4, 2026
React Router vulnerable to Denial of Service via reflected user input in single-fetch
High
CVE-2026-34077 was published for react-router (npm) Jun 4, 2026
Allocation of Resources Without Limits or Throttling in Axios
High
CVE-2026-44488 was published for axios (npm) Jun 4, 2026