Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,673
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,891
Pub
13
RubyGems
1,051
Rust
1,315
Swift
53
Unreviewed advisories
All unreviewed
5,000+

69 advisories

Loading
Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains High
CVE-2026-42304 was published for Twisted (pip) May 5, 2026
tomasilluminati Credited to tomasilluminati
webonyx/graphql-php has quadratic validation cost in OverlappingFieldsCanBeMerged via inline fragments High
GHSA-fc86-6rv6-2jpm was published for webonyx/graphql-php (Composer) May 4, 2026
d0cs1s-bzhunt Credited to d0cs1s-bzhunt and BZHunt BZHunt BZHunt
net-imap has quadratic complexity when reading response literals Low
CVE-2026-42245 was published for net-imap (RubyGems) May 4, 2026
Masamuneee Credited to Masamuneee
Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue. High Unreviewed
CVE-2025-67841 was published Apr 15, 2026
graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation Moderate
CVE-2026-40476 was published for webonyx/graphql-php (Composer) Apr 14, 2026
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler Moderate
CVE-2026-35599 was published for code.vikunja.io/api (Go) Apr 10, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Pretext: Algorithmic Complexity (DoS) in the text analysis phase High
GHSA-5478-66c3-rhxr was published for @chenglou/pretext (npm) Apr 8, 2026
NapongiZero Credited to NapongiZero
Django has potential DoS via MultiPartParser through crafted multipart uploads Moderate
CVE-2026-33033 was published for Django (pip) Apr 7, 2026
Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header High
CVE-2026-34230 was published for rack (RubyGems) Apr 2, 2026
kwkr Credited to kwkr, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters High
CVE-2026-34827 was published for rack (RubyGems) Apr 2, 2026
TaiPhung217 Credited to TaiPhung217, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
parse-server has GraphQL complexity validator exponential fragment traversal DoS High
CVE-2026-34573 was published for parse-server (npm) Mar 31, 2026
bugbunny-research Credited to bugbunny-research and mtrezza mtrezza mtrezza
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18... High Unreviewed
CVE-2026-3988 was published Mar 25, 2026
pypdf has inefficient decoding of array-based streams Moderate
CVE-2026-33123 was published for pypdf (pip) Mar 18, 2026
kule500 Credited to kule500 and stefan6419846 stefan6419846 stefan6419846
pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams Moderate
CVE-2026-28804 was published for pypdf (pip) Mar 2, 2026
kule500 Credited to kule500 and stefan6419846 stefan6419846 stefan6419846
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments High
CVE-2026-27903 was published for minimatch (npm) Feb 26, 2026
dolevmiz1 Credited to dolevmiz1
golang.org/x/net/html has a Quadratic Parsing Complexity issue Moderate
CVE-2025-47911 was published for golang.org/x/net/html (Go) Feb 12, 2026
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU ... Moderate Unreviewed
CVE-2025-14831 was published Feb 9, 2026
Django has Inefficient Algorithmic Complexity Low
CVE-2026-1285 was published for Django (pip) Feb 3, 2026
Django has Inefficient Algorithmic Complexity Low
CVE-2025-14550 was published for Django (pip) Feb 3, 2026
Mattermost is vulnerable to CPU exhaustion via crafted HTTP request Low
CVE-2025-14822 was published for github.com/mattermost/mattermost-server (Go) Jan 16, 2026
flagd: Multiple Go Runtime CVEs Impact Security and Availability High
GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) Jan 5, 2026
pramod-ahire Credited to pramod-ahire
When building nested elements using xml.dom.minidom methods such as appendChild() that have a... Moderate Unreviewed
CVE-2025-12084 was published Dec 3, 2025
Django is vulnerable to DoS via XML serializer text extraction Moderate
CVE-2025-64460 was published for Django (pip) Dec 2, 2025
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of... Low Unreviewed
CVE-2025-66382 was published Nov 28, 2025
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of... High Unreviewed
CVE-2025-11230 was published Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database