Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,673
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,894
Pub
13
RubyGems
1,051
Rust
1,315
Swift
53
Unreviewed advisories
All unreviewed
5,000+

318 advisories

Loading
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer High
CVE-2026-41680 was published for marked (npm) Apr 29, 2026
MaanVader Credited to MaanVader
In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM... High Unreviewed
CVE-2026-31552 was published Apr 24, 2026
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem High
CVE-2026-41146 was published for iodine (RubyGems) Apr 14, 2026
michaelknap Credited to michaelknap
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability High
CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01, briandesarmo, and nicky-dilemmagroep briandesarmo briandesarmo
nicky-dilemmagroep nicky-dilemmagroep
netavark has incorrect error handling for malformed tcp packets High
CVE-2026-35406 was published for netavark (Rust) Apr 7, 2026
dkane01 Credited to dkane01
XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion High
CVE-2026-32287 was published for github.com/antchfx/xpath (Go) Mar 29, 2026
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input High
CVE-2026-33891 was published for node-forge (npm) Mar 26, 2026
Kr0emer Credited to Kr0emer
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs High
CVE-2026-4598 was published for jsrsasign (npm) Mar 23, 2026
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
music-metadata has an infinite loop vulnerability in ASF parser High
CVE-2026-32256 was published for music-metadata (npm) Mar 17, 2026
ByamB4 Credited to ByamB4
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices High
CVE-2026-33013 was published for io.micronaut:micronaut-json-core (Maven) Mar 17, 2026
shblue21 Credited to shblue21
Loop with Unreachable Exit Condition ('Infinite Loop') in ewe High
CVE-2026-32873 was published for ewe (Erlang) Mar 16, 2026
jtdowney Credited to jtdowney
A flaw was identified in the RAR5 archive decompression logic of the libarchive library,... High Unreviewed
CVE-2026-4111 was published Mar 13, 2026
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does... High Unreviewed
CVE-2026-2219 was published Mar 7, 2026
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6... High Unreviewed
CVE-2026-24831 was published Jan 27, 2026
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application... High Unreviewed
CVE-2026-21905 was published Jan 15, 2026
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p... High Unreviewed
CVE-2025-66252 was published Nov 26, 2025
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE... High Unreviewed
CVE-2025-20312 was published Sep 24, 2025
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg Credited to AlexRomberg
A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA... High Unreviewed
CVE-2025-20253 was published Aug 14, 2025
An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12... High Unreviewed
CVE-2025-51986 was published Aug 14, 2025
A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS... High Unreviewed
CVE-2025-20136 was published Aug 14, 2025
A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and... High Unreviewed
CVE-2025-20243 was published Aug 14, 2025
A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco... High Unreviewed
CVE-2025-20217 was published Aug 14, 2025
quiche connection ID retirement can trigger an infinite loop High
CVE-2025-7054 was published for quiche (Rust) Aug 7, 2025
catenacyber Credited to catenacyber
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database