GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
132 advisories
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry...
Unknown | Unreviewed | CVE-2026-9538 was published May 26, 2026

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash...
Moderate | Unreviewed | CVE-2018-25378 was published May 26, 2026

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers...
High | Unreviewed | CVE-2018-25368 was published May 26, 2026

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14...
High | Unreviewed | CVE-2026-5740 was published May 26, 2026

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows...
Moderate | Unreviewed | CVE-2026-8485 was published May 20, 2026

Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows...
Moderate | Unreviewed | CVE-2026-47313 was published May 19, 2026

iskorotkov/avro: Denial-of-Service Vulnerability in Decoder
High | GHSA-mx64-mj3q-7prj was published for github.com/iskorotkov/avro/v2 (Go) May 18, 2026

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip...
Moderate | Unreviewed | CVE-2026-6340 was published May 18, 2026

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the...
High | Unreviewed | CVE-2021-47970 was published May 16, 2026

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows...
High | Unreviewed | CVE-2021-47972 was published May 16, 2026

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the...
High | Unreviewed | CVE-2021-47971 was published May 16, 2026

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the...
High | Unreviewed | CVE-2021-47969 was published May 16, 2026

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to...
High | Unreviewed | CVE-2021-47973 was published May 16, 2026

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may...
High | Unreviewed | CVE-2026-42946 was published May 13, 2026

memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the...
High | Unreviewed | CVE-2021-47944 was published May 10, 2026

rust-zserio has Unbounded Memory Allocation
High | GHSA-fpf5-4jw8-67x8 was published for rust-zserio (Rust) May 7, 2026

Netty HTTP/3 QPACK literal unbounded allocation
High | CVE-2026-42582 was published for io.netty:netty-codec-http3 (Maven) May 7, 2026

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
High | CVE-2026-44375 was published for Nerdbank.MessagePack (NuGet) May 6, 2026

OpAMP client reads unbounded HTTP response bodies
Moderate | CVE-2026-42348 was published for OpenTelemetry.OpAmp.Client (NuGet) May 5, 2026

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload
High | CVE-2026-42154 was published for github.com/prometheus/prometheus (Go) May 5, 2026

Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability
Moderate | CVE-2026-43868 was published for thrift (Rust) May 5, 2026

Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation
High | CVE-2026-42440 was published for org.apache.opennlp:opennlp-tools (Maven) May 4, 2026

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local...
Moderate | Unreviewed | CVE-2018-25295 was published Apr 27, 2026

InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to...
Moderate | Unreviewed | CVE-2018-25274 was published Apr 27, 2026

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers...
Moderate | Unreviewed | CVE-2018-25279 was published Apr 27, 2026
ProTip! Advisories are also available from the GraphQL API.