GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,636 advisories
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and...
High | Unreviewed | CVE-2026-25819 was published | Mar 13, 2026
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
High | CVE-2026-31899 was published for CairoSVG (pip) | Mar 13, 2026
Tornado is vulnerable to DoS due to too many multipart parts
High | CVE-2026-31958 was published for tornado (pip) | Mar 12, 2026
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft...
High | Unreviewed | CVE-2025-70047 was published | Mar 9, 2026
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1...
High | Unreviewed | CVE-2025-70059 was published | Mar 9, 2026
A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit...
High | Unreviewed | CVE-2025-69654 was published | Mar 6, 2026
The Eclipse Jetty Server Artifact has a Gzip request memory leak
High | CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) | Mar 5, 2026
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote...
High | Unreviewed | CVE-2026-26673 was published | Mar 4, 2026
Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)
High | CVE-2026-26999 was published for github.com/traefik/traefik/v2 (Go) | Mar 4, 2026
Django vulnerable to Uncontrolled Resource Consumption
High | CVE-2026-25673 was published for Django (pip) | Mar 3, 2026
OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
High | CVE-2026-32062 was published for @openclaw/voice-call (npm) | Mar 2, 2026
OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling
High | CVE-2026-28789 was published for github.com/OliveTin/OliveTin (Go) | Mar 2, 2026
OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
High | CVE-2026-28342 was published for github.com/OliveTin/OliveTin (Go) | Mar 2, 2026
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin...
High | Unreviewed | CVE-2025-67445 was published | Feb 24, 2026
ImageMagick: Infinite loop vulnerability when parsing a PCD file
High | CVE-2026-24485 was published for Magick.NET-Q16-AnyCPU (NuGet) | Feb 24, 2026
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service...
High | Unreviewed | CVE-2019-25401 was published | Feb 19, 2026
OpenClaw affected by denial of service via unbounded webhook request body buffering
High | CVE-2026-28478 was published for clawdbot (npm) | Feb 18, 2026
OpenClaw affected by denial of service via unbounded URL-backed media fetch
High | CVE-2026-29609 was published for openclaw (npm) | Feb 18, 2026
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a...
High | Unreviewed | CVE-2025-70886 was published | Feb 12, 2026
Traefik: TCP readTimeout bypass via STARTTLS on Postgres
High | CVE-2026-25949 was published for github.com/traefik/traefik/v3 (Go) | Feb 12, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3,...
High | Unreviewed | CVE-2026-20652 was published | Feb 12, 2026
A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS...
High | Unreviewed | CVE-2026-20650 was published | Feb 12, 2026
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service
High | CVE-2026-25791 was published for github.com/bishopfox/sliver (Go) | Feb 6, 2026
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
High | CVE-2026-25762 was published for @adonisjs/bodyparser (npm) | Feb 6, 2026
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component...
High | Unreviewed | CVE-2025-71031 was published | Feb 4, 2026