Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,518
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,758
Pub
13
RubyGems
1,036
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

2,626 advisories

Loading
Gossipsub PRUNE.backoff Duration Overflow High
CVE-2026-33040 was published for libp2p-gossipsub (Rust) Mar 18, 2026
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on... Moderate Unreviewed
CVE-2025-15584 was published Mar 17, 2026
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on... Moderate Unreviewed
CVE-2026-2809 was published Mar 17, 2026
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely Moderate
CVE-2026-32759 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 16, 2026
fg0x0 Credited to fg0x0
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability... High Unreviewed
CVE-2026-2921 was published Mar 16, 2026
Yamux vulnerable to remote Panic via malformed WindowUpdate credit High
CVE-2026-31814 was published for yamux (Rust) Mar 13, 2026
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder Moderate
CVE-2026-28493 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption Moderate
CVE-2026-25970 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to... High Unreviewed
CVE-2026-3914 was published Mar 12, 2026
DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound... Moderate Unreviewed
CVE-2026-27281 was published Mar 10, 2026
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate... High Unreviewed
CVE-2026-26134 was published Mar 10, 2026
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an... High Unreviewed
CVE-2026-26111 was published Mar 10, 2026
Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows. bin2hex,... Critical Unreviewed
CVE-2026-30909 was published Mar 8, 2026
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined... High Unreviewed
CVE-2026-30910 was published Mar 8, 2026
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to... High Unreviewed
CVE-2026-3536 was published Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD... Moderate Unreviewed
CVE-2026-20025 was published Mar 4, 2026
neqo-qpack has iInteger overflow in qpack dynamic table indexing Moderate
GHSA-6w86-wgwq-rgq8 was published for neqo-qpack (Rust) Mar 4, 2026
Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound Moderate
CVE-2025-66168 was published for org.apache.activemq:activemq-all (Maven) Mar 4, 2026
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer... High Unreviewed
CVE-2026-0031 was published Mar 2, 2026
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an... High Unreviewed
CVE-2026-0028 was published Mar 2, 2026
Memory corruption while using alignments for memory allocation. High Unreviewed
CVE-2026-21385 was published Mar 2, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps Moderate
CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds Low
CVE-2026-25984 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
andsopwn Credited to andsopwn
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder High
CVE-2026-25989 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database