Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

502 advisories

Loading
Ech0: ParseAcceptLanguage `_` separator bypass enables ~70x CPU amplification via Accept-Language header in i18n.Middleware High
GHSA-mqxv-9rm6-w8qc was published for github.com/lin-snow/ech0 (Go) Jul 14, 2026
tonghuaroot Credited to tonghuaroot
Wasmtime: Memory leak in C API with `externref` and `anyref` types Low
CVE-2025-61670 was published for wasmtime-bin (pip) Jul 14, 2026
alexcrichton Credited to alexcrichton
golang.org/x/crypto: Invoking client can cause server deadlock on unexpected responses Critical
CVE-2026-39830 was published for golang.org/x/crypto (Go) Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore... Moderate Unreviewed
CVE-2026-53154 was published Jun 25, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator High
CVE-2026-48006 was published for io.netty:netty-codec-redis (Maven) Jun 11, 2026
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once Moderate
CVE-2026-45536 was published for io.netty:netty-transport-native-epoll (Maven) Jun 8, 2026
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS Moderate
CVE-2026-49343 was published for github.com/klever-io/klever-go (Go) Jun 5, 2026
maiiquynhh Credited to maiiquynhh
opentelemetry-go's Schema ParseFile leaks file descriptors on each parse Low
CVE-2026-45287 was published for go.opentelemetry.io/otel/schema/v1.0 (Go) May 28, 2026
pellared Credited to pellared and MrAlias MrAlias MrAlias
Tanium addressed a denial of service vulnerability in Tanium Server. Moderate Unreviewed
CVE-2026-9156 was published May 27, 2026
Netty epoll transport denial of service via RST on half-closed TCP connection High
CVE-2026-42577 was published for io.netty:netty-transport-native-epoll (Maven) May 6, 2026
Stormpx Credited to Stormpx, dzaisban, normanmaurer, SeBBBe, pjfanning, jneira-stratio, mpenttila, and chrisvest dzaisban dzaisban
normanmaurer normanmaurer SeBBBe SeBBBe pjfanning pjfanning jneira-stratio jneira-stratio mpenttila mpenttila chrisvest chrisvest
Multer vulnerable to Denial of Service via resource exhaustion High
CVE-2026-2359 was published for multer (npm) Mar 1, 2026
ctcpip Credited to ctcpip, nawin23, UlisesGascon, sheplu, and bjohansebas nawin23 nawin23
UlisesGascon UlisesGascon sheplu sheplu bjohansebas bjohansebas
ProTip! Advisories are also available from the GraphQL API