GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,413 advisories
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames,...
Moderate
Unreviewed
CVE-2026-48619 was published Jun 26, 2026
An attacker can send a web request that causes unlimited memory allocation in the internal web...
Moderate
Unreviewed
CVE-2026-42005 was published Jun 25, 2026
Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service...
High
Unreviewed
CVE-2026-56248 was published Jun 23, 2026
Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2...
High
Unreviewed
CVE-2023-54365 was published Jun 23, 2026
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0...
High
Unreviewed
CVE-2026-9071 was published Jun 22, 2026
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0...
Moderate
Unreviewed
CVE-2026-9320 was published Jun 22, 2026
urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (...
High
Unreviewed
CVE-2026-9375 was published Jun 19, 2026
A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance...
Moderate
Unreviewed
CVE-2026-27878 was published Jun 19, 2026
A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a...
Moderate
Unreviewed
CVE-2026-48937 was published Jun 18, 2026
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm...
Critical
Unreviewed
CVE-2026-28575 was published Jun 17, 2026
In multiple places, there is a possible persistent denial of service due to resource exhaustion....
Critical
Unreviewed
CVE-2026-0064 was published Jun 17, 2026
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager...
High
Unreviewed
CVE-2026-46866 was published Jun 17, 2026
Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL (component: Server:...
High
Unreviewed
CVE-2026-46863 was published Jun 17, 2026
Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). ...
High
Unreviewed
CVE-2026-46862 was published Jun 17, 2026
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox...
Moderate
Unreviewed
CVE-2026-12325 was published Jun 16, 2026
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox...
Moderate
Unreviewed
CVE-2026-12319 was published Jun 16, 2026
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers...
High
Unreviewed
CVE-2026-50879 was published Jun 15, 2026
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a...
High
Unreviewed
CVE-2026-50882 was published Jun 15, 2026
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to...
High
Unreviewed
CVE-2026-50889 was published Jun 15, 2026
An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to...
High
Unreviewed
CVE-2026-50878 was published Jun 15, 2026
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may...
High
Unreviewed
CVE-2026-41708 was published Jun 15, 2026
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to...
Moderate
Unreviewed
CVE-2026-39197 was published Jun 15, 2026
There is no restriction on the amount of attachment headers that a message can contain when being...
High
Unreviewed
CVE-2026-50645 was published Jun 12, 2026
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7,...
High
Unreviewed
CVE-2026-45169 was published Jun 12, 2026
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
High
Unreviewed
CVE-2026-5497 was published Jun 11, 2026
ProTip! Advisories are also available from the GraphQL API