GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,226 advisories
ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate
CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Tornado is vulnerable to DoS due to too many multipart parts
High
CVE-2026-31958 was published for tornado (pip) Mar 12, 2026
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft...
High
Unreviewed
CVE-2025-70047 was published Mar 9, 2026
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1...
High
Unreviewed
CVE-2025-70059 was published Mar 9, 2026
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit...
High
Unreviewed
CVE-2025-69654 was published Mar 6, 2026
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with...
Moderate
Unreviewed
CVE-2025-69646 was published Mar 6, 2026
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with...
Moderate
Unreviewed
CVE-2025-69645 was published Mar 6, 2026
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service...
Moderate
Unreviewed
CVE-2025-69644 was published Mar 6, 2026
The Eclipse Jetty Server Artifact has a Gzip request memory leak
High
CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026
Python-Markdown has an Uncaught Exception
Moderate
CVE-2025-69534 was published for Markdown (pip) Mar 5, 2026
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that...
Moderate
Unreviewed
CVE-2026-20066 was published Mar 4, 2026
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments...
Moderate
Unreviewed
CVE-2026-23809 was published Mar 4, 2026
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote...
High
Unreviewed
CVE-2026-26673 was published Mar 4, 2026
Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)
High
CVE-2026-26999 was published for github.com/traefik/traefik/v2 (Go) Mar 4, 2026
OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)
Moderate
GHSA-77hf-7fqf-f227 was published for openclaw (npm) Mar 3, 2026
OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Moderate
GHSA-x4vp-4235-65hg was published for openclaw (npm) Mar 3, 2026
Django vulnerable to Uncontrolled Resource Consumption
High
CVE-2026-25673 was published for Django (pip) Mar 3, 2026
OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
High
CVE-2026-32062 was published for @openclaw/voice-call (npm) Mar 2, 2026
OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Moderate
GHSA-rxxp-482v-7mrh was published for openclaw (npm) Mar 2, 2026
`melange update-cache` has unbounded HTTP download that can exhaust disk in CI
Moderate
CVE-2026-29049 was published for chainguard.dev/melange (Go) Mar 2, 2026
OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)
Moderate
GHSA-wr6m-jg37-68xh was published for openclaw (npm) Mar 2, 2026
OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling
High
CVE-2026-28789 was published for github.com/OliveTin/OliveTin (Go) Mar 2, 2026
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files...
Critical
Unreviewed
CVE-2025-48609 was published Mar 2, 2026
OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
High
CVE-2026-28342 was published for github.com/OliveTin/OliveTin (Go) Mar 2, 2026
malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability
Moderate
GHSA-54p8-x2m9-c593 was published for github.com/chainguard-dev/malcontent (Go) Mar 2, 2026
ProTip! Advisories are also available from the GraphQL API