GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
502 advisories
Filter by severity
A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to...
Moderate
Unreviewed
CVE-2026-15713
was published
Jul 14, 2026
Ech0: ParseAcceptLanguage `_` separator bypass enables ~70x CPU amplification via Accept-Language header in i18n.Middleware
High
GHSA-mqxv-9rm6-w8qc
was published
for
github.com/lin-snow/ech0
(Go)
Jul 14, 2026
Wasmtime: Memory leak in C API with `externref` and `anyref` types
Low
CVE-2025-61670
was published
for
wasmtime-bin
(pip)
Jul 14, 2026
golang.org/x/crypto: Invoking client can cause server deadlock on unexpected responses
Critical
CVE-2026-39830
was published
for
golang.org/x/crypto
(Go)
Jun 25, 2026
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a...
Moderate
Unreviewed
CVE-2026-40209
was published
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix not...
Moderate
Unreviewed
CVE-2026-53251
was published
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: restore...
Moderate
Unreviewed
CVE-2026-53154
was published
Jun 25, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Moderate
CVE-2026-48043
was published
for
io.netty:netty-codec-http2
(Maven)
Jun 11, 2026
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
High
CVE-2026-48006
was published
for
io.netty:netty-codec-redis
(Maven)
Jun 11, 2026
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
Moderate
CVE-2026-45536
was published
for
io.netty:netty-transport-native-epoll
(Maven)
Jun 8, 2026
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: core: Fix detach...
Moderate
Unreviewed
CVE-2026-46292
was published
Jun 8, 2026
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS
Moderate
CVE-2026-49343
was published
for
github.com/klever-io/klever-go
(Go)
Jun 5, 2026
opentelemetry-go's Schema ParseFile leaks file descriptors on each parse
Low
CVE-2026-45287
was published
for
go.opentelemetry.io/otel/schema/v1.0
(Go)
May 28, 2026
Tanium addressed a denial of service vulnerability in Tanium Server.
Moderate
Unreviewed
CVE-2026-9156
was published
May 27, 2026
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol ...
High
Unreviewed
CVE-2026-39455
was published
May 13, 2026
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS...
High
Unreviewed
CVE-2026-35227
was published
May 12, 2026
In the Linux kernel, the following vulnerability has been resolved:
dm: remove fake timeout to...
Moderate
Unreviewed
CVE-2026-43314
was published
May 8, 2026
Netty epoll transport denial of service via RST on half-closed TCP connection
High
CVE-2026-42577
was published
for
io.netty:netty-transport-native-epoll
(Maven)
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
media: cx88: Add missing...
Moderate
Unreviewed
CVE-2026-43257
was published
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop:...
Moderate
Unreviewed
CVE-2026-43054
was published
May 1, 2026
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by...
High
Unreviewed
CVE-2026-3104
was published
Mar 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: purge error...
Moderate
Unreviewed
CVE-2026-23299
was published
Mar 25, 2026
Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it...
High
Unreviewed
CVE-2026-2261
was published
Mar 9, 2026
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall...
High
Unreviewed
CVE-2026-20082
was published
Mar 4, 2026
Multer vulnerable to Denial of Service via resource exhaustion
High
CVE-2026-2359
was published
for
multer
(npm)
Mar 1, 2026
ProTip!
Advisories are also available from the
GraphQL API