Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend Moderate
CVE-2026-35186 was published for wasmtime (Rust) Apr 10, 2026
shumbo Credited to shumbo, bholley, and deian bholley bholley
deian deian
Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure Moderate
GHSA-hm63-vwj4-mj2q was published for openclaw (npm) Apr 10, 2026 withdrawn
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 Moderate
CVE-2026-34944 was published for wasmtime (Rust) Apr 9, 2026
shumbo Credited to shumbo and alexcrichton alexcrichton alexcrichton
opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies Moderate
CVE-2026-39882 was published for go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp (Go) Apr 8, 2026
1seal Credited to 1seal and pellared pellared pellared
Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests Moderate
CVE-2026-33174 was published for activestorage (RubyGems) Mar 23, 2026
Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service Moderate
CVE-2026-26931 was published for github.com/elastic/beats/v7 (Go) Mar 19, 2026
Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports Moderate
CVE-2026-32941 was published for github.com/bishopfox/sliver (Go) Mar 17, 2026
skoveit Credited to skoveit
Mattermost fails to limit the size of responses from integration action endpoints Moderate
CVE-2026-2456 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Mattermost fails to bound memory allocation when processing DOC files Moderate
CVE-2026-25780 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
Mattermost fails to bound memory allocation when processing PSD image files Moderate
CVE-2026-26246 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps Moderate
CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion Moderate
CVE-2026-27204 was published for wasmtime (Rust) Feb 24, 2026
mbund Credited to mbund, alexcrichton, and pchickey alexcrichton alexcrichton
pchickey pchickey
EVE Freely Allocates Buffer on The Stack With Data From Socket Moderate
CVE-2023-43632 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
rardecode: DoS risk due to unrestricted RAR dictionary sizes Moderate
CVE-2025-11579 was published for github.com/nwaples/rardecode (Go) Oct 10, 2025
kzantow Credited to kzantow
Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Moderate
CVE-2025-27533 was published for org.apache.activemq:activemq-client (Maven) May 7, 2025
net-imap rubygem vulnerable to possible DoS by memory exhaustion Moderate
CVE-2025-43857 was published for net-imap (RubyGems) Apr 28, 2025
Masamuneee Credited to Masamuneee and nevans nevans nevans
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination Moderate
CVE-2025-32386 was published for helm.sh/helm/v3 (Go) Apr 10, 2025
jake-ciolek Credited to jake-ciolek
Possible DoS by memory exhaustion in net-imap Moderate
CVE-2025-25186 was published for net-imap (RubyGems) Feb 10, 2025
manunio Credited to manunio and nevans nevans nevans
matrix-media-repo (MMR) allows a denial of service through memory exhaustion Moderate
CVE-2024-52791 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder Moderate
CVE-2024-41132 was published for SixLabors.ImageSharp (NuGet) Jul 22, 2024
ErazerBrecht Credited to ErazerBrecht
@grpc/grpc-js can allocate memory for incoming messages well above configured limits Moderate
CVE-2024-37168 was published for @grpc/grpc-js (npm) Jun 10, 2024
jhump Credited to jhump
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2024-32035 was published for SixLabors.ImageSharp (NuGet) Apr 15, 2024
skanejohan Credited to skanejohan
docconv vulnerable to Memory Allocation with Excessive Size Value Moderate
CVE-2022-4741 was published for code.sajari.com/docconv (Go) Dec 25, 2022
Symfony Denial of Service Via Long Password Hashing Moderate
CVE-2013-5958 was published for symfony/polyfill (Composer) May 17, 2022
Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes Moderate
CVE-2020-8551 was published for k8s.io/kubernetes (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database