Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,679
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,908
Pub
13
RubyGems
1,053
Rust
1,318
Swift
53
Unreviewed advisories
All unreviewed
5,000+

720 advisories

Loading
Pillow has a PDF Parsing Trailer Infinite Loop (DoS) Moderate
CVE-2026-42310 was published for pillow (pip) May 4, 2026
kexinoh Credited to kexinoh
SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows... Moderate Unreviewed
CVE-2026-6531 was published Apr 30, 2026
DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 Moderate Unreviewed
CVE-2026-6536 was published Apr 30, 2026
USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows... Moderate Unreviewed
CVE-2026-6534 was published Apr 30, 2026
SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows... Moderate Unreviewed
CVE-2026-5407 was published Apr 30, 2026
A flaw was identified in the RAR5 archive decompression logic of the libarchive library,... High Unreviewed
CVE-2026-4111 was published Mar 13, 2026
GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows... Moderate Unreviewed
CVE-2026-6523 was published Apr 30, 2026
OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14... Moderate Unreviewed
CVE-2026-6520 was published Apr 30, 2026
MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows... Moderate Unreviewed
CVE-2026-6519 was published Apr 30, 2026
OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14... Moderate Unreviewed
CVE-2026-6521 was published Apr 30, 2026
TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service Moderate Unreviewed
CVE-2026-6528 was published Apr 30, 2026
RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14... Moderate Unreviewed
CVE-2026-6522 was published Apr 30, 2026
UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows... Moderate Unreviewed
CVE-2026-7375 was published Apr 30, 2026
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer High
CVE-2026-41680 was published for marked (npm) Apr 29, 2026
MaanVader Credited to MaanVader
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM... Moderate Unreviewed
CVE-2026-31498 was published Apr 22, 2026
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner... Moderate Unreviewed
CVE-2026-31472 was published Apr 22, 2026
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to... Moderate Unreviewed
CVE-2026-31642 was published Apr 24, 2026
In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM... High Unreviewed
CVE-2026-31552 was published Apr 24, 2026
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a... Moderate Unreviewed
CVE-2026-41285 was published Apr 21, 2026
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem High
CVE-2026-41146 was published for iodine (RubyGems) Apr 14, 2026
michaelknap Credited to michaelknap
Loop with Unreachable Exit Condition ('Infinite Loop') in ewe High
CVE-2026-32873 was published for ewe (Erlang) Mar 16, 2026
jtdowney Credited to jtdowney
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential... Moderate Unreviewed
CVE-2026-23409 was published Apr 1, 2026
netavark has incorrect error handling for malformed tcp packets High
CVE-2026-35406 was published for netavark (Rust) Apr 7, 2026
dkane01 Credited to dkane01
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle Moderate
CVE-2026-41511 was published for OpenMcdf (NuGet) Apr 22, 2026
pawlos Credited to pawlos
justhtml has sanitization bypass in custom policies and programmatic DOM Moderate
GHSA-vrx2-77f2-ww34 was published for justhtml (pip) Apr 22, 2026
EmilStenstrom Credited to EmilStenstrom
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database