GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,441 advisories
file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry
Moderate | CVE-2026-32630 was published for file-type (npm) | Mar 13, 2026

Gokapi vulnerable to DoS in E2E Metadata Parser
Moderate | CVE-2026-30955 was published for github.com/forceu/gokapi (Go) | Mar 13, 2026

ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate | CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) | Mar 12, 2026

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with...
Moderate | Unreviewed | CVE-2025-69646 was published | Mar 6, 2026

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with...
Moderate | Unreviewed | CVE-2025-69645 was published | Mar 6, 2026

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service...
Moderate | Unreviewed | CVE-2025-69644 was published | Mar 6, 2026

Python-Markdown has an Uncaught Exception
Moderate | CVE-2025-69534 was published for Markdown (pip) | Mar 5, 2026

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that...
Moderate | Unreviewed | CVE-2026-20066 was published | Mar 4, 2026

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments...
Moderate | Unreviewed | CVE-2026-23809 was published | Mar 4, 2026

OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)
Moderate | GHSA-77hf-7fqf-f227 was published for openclaw (npm) | Mar 3, 2026

OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Moderate | GHSA-x4vp-4235-65hg was published for openclaw (npm) | Mar 3, 2026

OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Moderate | GHSA-rxxp-482v-7mrh was published for openclaw (npm) | Mar 2, 2026

`melange update-cache` has unbounded HTTP download that can exhaust disk in CI
Moderate | CVE-2026-29049 was published for chainguard.dev/melange (Go) | Mar 2, 2026

OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)
Moderate | GHSA-wr6m-jg37-68xh was published for openclaw (npm) | Mar 2, 2026

malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability
Moderate | GHSA-54p8-x2m9-c593 was published for github.com/chainguard-dev/malcontent (Go) | Mar 2, 2026

pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Moderate | CVE-2026-28351 was published for pypdf (pip) | Feb 28, 2026

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial...
Moderate | Unreviewed | CVE-2026-26937 was published | Feb 26, 2026

pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
Moderate | CVE-2026-27888 was published for pypdf (pip) | Feb 26, 2026

Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion
Moderate | CVE-2026-27204 was published for wasmtime (Rust) | Feb 24, 2026

ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile
Moderate | CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) | Feb 24, 2026

ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS
Moderate | CVE-2026-24484 was published for Magick.NET-Q16-AnyCPU (NuGet) | Feb 24, 2026

Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
Moderate | CVE-2026-26047 was published for moodle/moodle (Composer) | Feb 21, 2026

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
Moderate | CVE-2026-27576 was published for openclaw (npm) | Feb 20, 2026

OpenClaw has a Web Fetch DoS via unbounded response parsing
Moderate | CVE-2026-28394 was published for openclaw (npm) | Feb 19, 2026

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud...
Moderate | Unreviewed | CVE-2026-20139 was published | Feb 18, 2026