GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
344 advisories
webonyx/graphql-php has unbounded recursion in parser that causes stack overflow on crafted nested input
High
GHSA-r7cg-qjjm-xhqq was published for webonyx/graphql-php (Composer) on May 5, 2026
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the...
High
Unreviewed
CVE-2026-44028 was published on May 5, 2026
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
Moderate
CVE-2026-42039 was published for axios (npm) on May 5, 2026
ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial...
Moderate
Unreviewed
CVE-2026-6527 was published on Apr 30, 2026
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can...
High
Unreviewed
CVE-2026-7164 was published on Apr 30, 2026
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial...
Moderate
Unreviewed
CVE-2026-5299 was published on Apr 30, 2026
FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial...
Moderate
Unreviewed
CVE-2026-5406 was published on Apr 30, 2026
AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows...
Moderate
Unreviewed
CVE-2026-5401 was published on Apr 30, 2026
BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
Moderate
Unreviewed
CVE-2026-5408 was published on Apr 30, 2026
Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
Moderate
Unreviewed
CVE-2026-5409 was published on Apr 30, 2026
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
High
CVE-2026-41680 was published for marked (npm) on Apr 29, 2026
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings
This issue affects Apache...
High
Unreviewed
CVE-2026-41636 was published on Apr 28, 2026
Uncontrolled Recursion vulnerability in Apache Thrift.
This issue affects Apache Thrift: before...
Moderate
Unreviewed
CVE-2026-41606 was published on Apr 28, 2026
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the...
Moderate
Unreviewed
CVE-2018-25282 was published on Apr 27, 2026
liquidjs has a Denial of Service via circular block reference in layout
High
CVE-2026-41311 was published for liquidjs (npm) on Apr 24, 2026
xmldom: Uncontrolled recursion in XML serialization leads to DoS
High
CVE-2026-41673 was published for @xmldom/xmldom (npm) on Apr 22, 2026
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot...
Moderate
Unreviewed
CVE-2026-6862 was published on Apr 22, 2026
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Low
CVE-2026-39396 was published for github.com/openbao/openbao (Go) on Apr 21, 2026
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High
GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) on Apr 16, 2026
ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents
Critical
CVE-2026-40324 was published for HotChocolate.Language (NuGet) on Apr 16, 2026
ImageMagick has a Stack Overflow via Recursive FX Expression Parsing
Moderate
CVE-2026-33902 was published for Magick.NET-Q16-AnyCPU (NuGet) on Apr 14, 2026
Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)
High
CVE-2026-40879 was published for @nestjs/microservices (npm) on Apr 14, 2026
ImageMagick has a Stack Overflow in DestroyXMLTree()
High
CVE-2026-33908 was published for Magick.NET-Q16-AnyCPU (NuGet) on Apr 14, 2026
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
High
CVE-2026-39376 was published for fastfeedparser (pip) on Apr 8, 2026
@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags
High
GHSA-5jg4-p4qw-cgfr was published for @stablelib/cbor (npm) on Apr 4, 2026