GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
145 advisories
Filter by severity
Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the...
High
Unreviewed
CVE-2021-47969
was published
May 16, 2026
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may...
High
Unreviewed
CVE-2026-42946
was published
May 13, 2026
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the...
High
Unreviewed
CVE-2021-47944
was published
May 10, 2026
rust-zserio has Unbounded Memory Allocation
High
GHSA-fpf5-4jw8-67x8
was published
for
rust-zserio
(Rust)
May 7, 2026
Netty HTTP/3 QPACK literal unbounded allocation
High
CVE-2026-42582
was published
for
io.netty:netty-codec-http3
(Maven)
May 7, 2026
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
High
CVE-2026-44375
was published
for
Nerdbank.MessagePack
(NuGet)
May 6, 2026
OpAMP client reads unbounded HTTP response bodies
Moderate
CVE-2026-42348
was published
for
OpenTelemetry.OpAmp.Client
(NuGet)
May 5, 2026
Prometheus: Remote read endpoint allows denial of service via crafted snappy payload
High
CVE-2026-42154
was published
for
github.com/prometheus/prometheus
(Go)
May 5, 2026
Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability
Moderate
CVE-2026-43868
was published
for
thrift
(Rust)
May 5, 2026
Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation
High
CVE-2026-42440
was published
for
org.apache.opennlp:opennlp-tools
(Maven)
May 4, 2026
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local...
Moderate
Unreviewed
CVE-2018-25295
was published
Apr 27, 2026
jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers...
Moderate
Unreviewed
CVE-2018-25279
was published
Apr 27, 2026
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to...
Moderate
Unreviewed
CVE-2018-25274
was published
Apr 27, 2026
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width
Moderate
CVE-2026-42241
was published
for
ParquetSharp
(NuGet)
Apr 24, 2026
go-zserio has Unbounded Memory Allocation for All Platforms
Critical
GHSA-xhj4-g6w8-2xjw
was published
for
github.com/woven-planet/go-zserio
(Go)
Apr 24, 2026
Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization
High
CVE-2026-33524
was published
for
io.github.ndsev:zserio-runtime
(Maven)
Apr 24, 2026
russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
High
CVE-2026-42189
was published
for
russh
(Rust)
Apr 24, 2026
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
Moderate
CVE-2026-40894
was published
for
OpenTelemetry.Api
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling
Moderate
CVE-2026-40891
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies
Moderate
CVE-2026-40182
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 23, 2026
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
Moderate
CVE-2026-41314
was published
for
pypdf
(pip)
Apr 16, 2026
pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
Moderate
CVE-2026-41312
was published
for
pypdf
(pip)
Apr 16, 2026
zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
High
CVE-2026-40303
was published
for
github.com/openziti/zrok
(Go)
Apr 16, 2026
Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend
Moderate
CVE-2026-35186
was published
for
wasmtime
(Rust)
Apr 10, 2026
Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure
Moderate
GHSA-hm63-vwj4-mj2q
was published
for
openclaw
(npm)
Apr 10, 2026
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API