Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,272
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,521
Pub
12
RubyGems
1,007
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
UltraJSON has a Memory Leak parsing large integers allows DoS High
CVE-2026-32874 was published for ujson (pip) Mar 18, 2026
Skevros Credited to Skevros and bwoodsend bwoodsend bwoodsend
The Eclipse Jetty Server Artifact has a Gzip request memory leak High
CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026
glebashnik Credited to glebashnik and bjorncs bjorncs bjorncs
ImageMagick: Memory Leak in multiple coders that write raw pixel data Low
GHSA-wfx3-6g53-9fgc was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
ImageMagick: Memory leak in coders/txt.c without freetype Low
GHSA-3q5f-gmjc-38r8 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
unbengable12 Credited to unbengable12
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images Moderate
CVE-2026-25988 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
Image Magick has a Memory Leak in coders/ashlar.c Moderate
CVE-2026-25969 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12 Credited to unbengable12
ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths Moderate
CVE-2026-25796 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has memory leak in msl encoder Moderate
CVE-2026-25638 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
unbengable12 Credited to unbengable12
ImageMagick: Possible memory leak in ASHLAR encoder Moderate
CVE-2026-25637 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map Moderate
CVE-2026-21438 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
Improper Memory Cleanup in the Okta Java SDK Moderate
CVE-2025-66033 was published for com.okta.sdk:okta-sdk-root (Maven) Dec 10, 2025
pyckle Credited to pyckle
containerd CRI server: Host memory exhaustion through Attach goroutine leak Moderate
CVE-2025-64329 was published for github.com/containerd/containerd (Go) Nov 6, 2025
Wheat2018 Credited to Wheat2018
Liferay Portal and DXP vulnerable to a memory leak Moderate
CVE-2025-43816 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Sep 25, 2025
ImageMagick has a Memory Leak in magick stream Low
CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip Credited to momo-trip, YutoIn, iwashiira, and utshina YutoIn YutoIn
iwashiira iwashiira utshina utshina
Multer vulnerable to Denial of Service via memory leaks from unclosed streams High
CVE-2025-47935 was published for multer (npm) May 19, 2025
ctcpip Credited to ctcpip, UlisesGascon, and UnlimitedBytes UlisesGascon UlisesGascon
UnlimitedBytes UnlimitedBytes
undici Denial of Service attack via bad certificate data Low
CVE-2025-47279 was published for undici (npm) May 15, 2025
styfle Credited to styfle and mcollina mcollina mcollina
Infinispan Potential Out of Memory Error via REST Compare API Buffer API Moderate
CVE-2024-6875 was published for org.infinispan:infinispan-query (Maven) Mar 28, 2025
io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout High
CVE-2025-1634 was published for io.quarkus:quarkus-resteasy (Maven) Feb 26, 2025
r3kumar Credited to r3kumar
go-crypto-winnative BCryptGenerateSymmetricKey memory leak High
CVE-2025-25199 was published for github.com/microsoft/go-crypto-winnative (Go) Feb 12, 2025
clarkb7 Credited to clarkb7
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call` High
CVE-2024-7884 was published for ic_cdk (Rust) Sep 5, 2024
adamspofford-dfinity Credited to adamspofford-dfinity
Apache CXF allows unrestricted memory consumption in CXF HTTP clients Moderate
CVE-2024-41172 was published for org.apache.cxf:cxf-rt-transports-http (Maven) Jul 19, 2024
Undertow Missing Release of Memory after Effective Lifetime vulnerability Moderate
CVE-2024-3653 was published for io.undertow:undertow-core (Maven) Jul 9, 2024
jw123023 Credited to jw123023
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows Moderate
CVE-2024-4435 was published for ic-stable-structures (Rust) May 21, 2024
ielashi Credited to ielashi
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal Credited to qmuntal, r3kumar, and andrewpollock r3kumar r3kumar
andrewpollock andrewpollock
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database