GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,590 advisories
jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
Severity: High. CVE-2026-29062 was published for tools.jackson.core:jackson-core (Maven) on Mar 4, 2026.

A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive...
Severity: High (Unreviewed). CVE-2026-20103 was published on Mar 4, 2026.

Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS
Severity: Moderate. CVE-2026-26998 was published for github.com/traefik/traefik/v2 (Go) on Mar 4, 2026.

OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Severity: Moderate. CVE-2026-32011 was published for openclaw (npm) on Mar 3, 2026.

OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check
Severity: Moderate. GHSA-h656-5vcf-cm23 was published for openclaw (npm) on Mar 3, 2026.

Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Severity: High. CVE-2026-27601 was published for underscore (npm) on Mar 3, 2026.

Django vulnerable to Uncontrolled Resource Consumption
Severity: High. CVE-2026-25673 was published for Django (pip) on Mar 3, 2026.

OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants
Severity: Moderate. GHSA-5847-rm3g-23mw was published for openclaw (npm) on Mar 3, 2026.

OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
Severity: High. CVE-2026-32062 was published for @openclaw/voice-call (npm) on Mar 2, 2026.

OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Severity: High. CVE-2026-32049 was published for openclaw (npm) on Mar 2, 2026.

OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
Severity: High. CVE-2026-28342 was published for github.com/OliveTin/OliveTin (Go) on Mar 2, 2026.

joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)
Severity: High. CVE-2026-27932 was published for joserfc (pip) on Mar 2, 2026.

SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)
Severity: Low. GHSA-fpg4-jhqr-589c was published for @sveltejs/kit (npm) on Feb 28, 2026.

jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
Severity: Moderate. GHSA-72hv-8253-57qq was published for com.fasterxml.jackson.core:jackson-core (Maven) on Feb 28, 2026.

Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
Severity: Moderate. CVE-2026-27729 was published for @astrojs/node (npm) on Feb 25, 2026.

zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
Severity: Moderate. CVE-2026-27695 was published for zae-limiter (pip) on Feb 25, 2026.

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that...
Severity: Moderate (Unreviewed). CVE-2026-1725 was published on Feb 25, 2026.

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18...
Severity: High (Unreviewed). CVE-2026-1662 was published on Feb 25, 2026.

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18...
Severity: Moderate (Unreviewed). CVE-2025-3525 was published on Feb 25, 2026.

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8...
Severity: Moderate (Unreviewed). CVE-2026-2845 was published on Feb 25, 2026.

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13...
Severity: Moderate (Unreviewed). CVE-2026-3201 was published on Feb 25, 2026.

Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Severity: Moderate. CVE-2026-27572 was published for wasmtime (Rust) on Feb 24, 2026.

Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation
Severity: High. CVE-2026-25899 was published for github.com/gofiber/fiber/v3 (Go) on Feb 24, 2026.

Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion
Severity: Moderate. CVE-2026-27204 was published for wasmtime (Rust) on Feb 24, 2026.

nats-server websockets are vulnerable to pre-auth memory DoS
Severity: Moderate. CVE-2026-27571 was published for github.com/nats-io/nats-server (Go) on Feb 24, 2026.

ProTip! Advisories are also available from the GraphQL API.