Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3,320 advisories

Loading
@vitejs/plugin-rsc has a Denial of Service with React Server Components High
GHSA-v457-wxvj-p9w9 was published for @vitejs/plugin-rsc (npm) Apr 10, 2026
React Server Components have a Denial of Service Vulnerability High
CVE-2026-23869 was published for react-server-dom-parcel (npm) Apr 10, 2026
Apache ActiveMQ: Denial of Service via Out of Memory vulnerability High
CVE-2026-39304 was published for org.apache.activemq:activemq-all (Maven) Apr 10, 2026
Zod jsVideoUrlParser vulnerable to ReDoS in util.js Moderate
CVE-2026-5986 was published for js-video-url-parser (npm) Apr 10, 2026
OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths Low
GHSA-25wv-8phj-8p7r was published for openclaw (npm) Apr 9, 2026
Telecaster2147 Credited to Telecaster2147
Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service High
CVE-2026-39959 was published for Tmds.DBus (NuGet) Apr 8, 2026
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive... Moderate Unreviewed
CVE-2026-33459 was published Apr 8, 2026
Axios HTTP/2 Session Cleanup State Corruption Vulnerability Moderate
CVE-2026-39865 was published for axios (npm) Apr 8, 2026
vmulas Credited to vmulas
kubernetes-graphql-gateway: GraphQL Endpoint Vulnerable to Authenticated Denial-of-Service via Unrestricted Query Execution Moderate
GHSA-h9mw-h4qc-f5jf was published for github.com/platform-mesh/kubernetes-graphql-gateway (Go) Apr 8, 2026
LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter Low
CVE-2026-34166 was published for liquidjs (npm) Apr 8, 2026
offset Credited to offset
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain High
CVE-2026-39376 was published for fastfeedparser (pip) Apr 8, 2026
redyank Credited to redyank
skilleton has improper input handling in repository/path processing Moderate
GHSA-5g3j-89fr-r2vp was published for skilleton (npm) Apr 8, 2026
netavark has incorrect error handling for malformed tcp packets Moderate
CVE-2026-35406 was published for netavark (Rust) Apr 7, 2026
dkane01 Credited to dkane01
OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) High
CVE-2026-29181 was published for go.opentelemetry.io/otel/baggage (Go) Apr 7, 2026
1seal Credited to 1seal and XSAM XSAM XSAM
Apache Cassandra has an authenticated DoS over CQL Low
CVE-2026-32588 was published for org.apache.cassandra:cassandra-all (Maven) Apr 7, 2026
Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution High
CVE-2026-34148 was published for @fedify/fedify (npm) Apr 7, 2026
wrathsec Credited to wrathsec
PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket High
GHSA-h6rj-3m53-887h was published for pocketmine/pocketmine-mp (Composer) Apr 6, 2026
ArkadiaEU Credited to ArkadiaEU and dktapps dktapps dktapps
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service... Moderate Unreviewed
CVE-2026-0049 was published Apr 6, 2026
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos... Critical Unreviewed
CVE-2025-58349 was published Apr 6, 2026
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos... High Unreviewed
CVE-2025-54324 was published Apr 6, 2026
An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos... High Unreviewed
CVE-2025-59440 was published Apr 6, 2026
strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions High
CVE-2026-35526 was published for strawberry-graphql (pip) Apr 6, 2026
JFOZ1010 Credited to JFOZ1010, patrick91, and bellini666 patrick91 patrick91
bellini666 bellini666
Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver High
GHSA-6q22-g298-grjh was published for directus (npm) Apr 4, 2026
bugbunny-research Credited to bugbunny-research
Directus: GraphQL Alias Amplification Denial of Service Due to Missing Query Cost/Complexity Limits Moderate
CVE-2026-35441 was published for directus (npm) Apr 4, 2026
liyander Credited to liyander
Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service High
CVE-2026-34824 was published for mesop (pip) Apr 3, 2026
tubadeligoz Credited to tubadeligoz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database