Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

148 advisories

Loading
ImageMagick has an integer overflow in despeckle operation causing a heap buffer overflow on 32-bit builds Moderate
CVE-2026-34238 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 13, 2026
shitianyu-2004 Credited to shitianyu-2004
ImageMagick has a heap overflow caused by integer overflow/wraparound in viff encoder on 32-bit builds Moderate
CVE-2026-33900 was published for Magick.NET-Q16-AnyCPU (NuGet) Apr 13, 2026
shitianyu-2004 Credited to shitianyu-2004
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior Moderate
GHSA-38c5-483c-4qqp was published for grid (Rust) Apr 24, 2026
ksj1230 Credited to ksj1230
go-ntlmssp NTLM challenges can panic on malformed payloads Moderate
CVE-2026-32952 was published for github.com/Azure/go-ntlmssp (Go) Apr 23, 2026
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation Critical
CVE-2026-33471 was published for nimiq-block (Rust) Apr 22, 2026
1seal Credited to 1seal
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound Moderate
CVE-2026-40046 was published for org.apache.activemq:activemq-all (Maven) Apr 9, 2026
Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound Moderate
CVE-2025-66168 was published for org.apache.activemq:activemq-all (Maven) Mar 4, 2026
ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions High
CVE-2026-25794 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write High
CVE-2026-34589 was published for OpenEXR (pip) Apr 8, 2026
quangIO Credited to quangIO
OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write High
CVE-2026-34588 was published for OpenEXR (pip) Apr 8, 2026
quangIO Credited to quangIO
libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling High
CVE-2026-34219 was published for libp2p-gossipsub (Rust) Mar 30, 2026
OpenEXR: integer overflow to OOB write in uncompress_b44_impl() High
CVE-2026-34544 was published for openexr (pip) Apr 3, 2026
nicoppida Credited to nicoppida
NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead High
CVE-2026-27889 was published for github.com/nats-io/nats-server (Go) Mar 25, 2026
Mistz1 Credited to Mistz1 and jiayuqi7813 jiayuqi7813 jiayuqi7813
Bug fixes in hpke-rs, hpke-rs-rust-crypto High
GHSA-g433-pq76-6cmf was published for hpke-rs (Rust) Feb 13, 2026
bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby Moderate
CVE-2026-33306 was published for bcrypt (RubyGems) Mar 19, 2026
Integer overflow in chunking helper causes dispatching to miss elements or panic High
CVE-2024-27101 was published for github.com/authzed/spicedb (Go) Mar 1, 2024
Gossipsub PRUNE.backoff Duration Overflow High
CVE-2026-33040 was published for libp2p-gossipsub (Rust) Mar 18, 2026
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely Moderate
CVE-2026-32759 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 16, 2026
fg0x0 Credited to fg0x0
pgproto3 SQL Injection via Protocol Message Size Overflow High
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
Yamux vulnerable to remote Panic via malformed WindowUpdate credit High
CVE-2026-31814 was published for yamux (Rust) Mar 13, 2026
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource Credited to paul-gerste-sonarsource
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder Moderate
CVE-2026-28493 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption Moderate
CVE-2026-25970 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ylwango613 Credited to ylwango613
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits High
CVE-2025-52520 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 10, 2025
westonsteimel Credited to westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database