GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Local settings bypass config trust checks
High
CVE-2026-35533
was published
for
mise
(Rust)
Apr 7, 2026
Vite: `server.fs.deny` bypassed with queries
High
CVE-2026-39364
was published
for
vite
(npm)
Apr 6, 2026
Tinyauth has OAuth account confusion via shared mutable state on singleton service instances
High
CVE-2026-33544
was published
for
github.com/steveiliop56/tinyauth
(Go)
Apr 1, 2026
go-git: Maliciously crafted idx file can cause asymmetric memory consumption
Moderate
CVE-2026-34165
was published
for
github.com/go-git/go-git/v5
(Go)
Mar 30, 2026
go-git missing validation decoding Index v4 files leads to panic
Low
CVE-2026-33762
was published
for
github.com/go-git/go-git/v5
(Go)
Mar 30, 2026
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
Moderate
CVE-2026-33532
was published
for
yaml
(npm)
Mar 25, 2026
Denial of service via non-terminating SYLT frame parsing loop in tinytag
Moderate
CVE-2026-32889
was published
for
tinytag
(pip)
Mar 19, 2026
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Moderate
CVE-2026-33320
was published
for
github.com/tomwright/dasel/v3
(Go)
Mar 19, 2026
Uncontrolled recursion DoS in JustHTML() via deeply nested HTML
High
GHSA-v7cf-c9rm-wm3j
was published
for
justhtml
(pip)
Mar 17, 2026
ProTip!
Advisories are also available from the
GraphQL API