GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 47
Go: 3,340
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,549
Pub: 12
RubyGems: 1,012
Rust: 1,202
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
1,561 advisories
Fleet's unbounded request body read allows remote Denial of Service
High • CVE-2026-26061 was published for github.com/fleetdm/fleet/v4 (Go) • Mar 27, 2026
Incus vulnerable to denial of source through crafted bucket backup file
Moderate • CVE-2026-33743 was published for github.com/lxc/incus (Go) • Mar 27, 2026
TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
Moderate • CVE-2026-33541 was published for miraheze/ts-portal (Composer) • Mar 27, 2026
OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure
High • GHSA-4qwc-c7g9-4xcw was published for openclaw (npm) • Mar 26, 2026
Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
High • CVE-2026-33871 was published for io.netty:netty-codec-http2 (Maven) • Mar 26, 2026
A flaw was found in polkit. A local user can exploit this by providing a specially crafted,...
Moderate • Unreviewed • CVE-2026-4897 was published • Mar 26, 2026
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions <...
High • Unreviewed • CVE-2026-27663 was published • Mar 26, 2026
Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Low • CVE-2026-33658 was published for activestorage (RubyGems) • Mar 25, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18...
Moderate • Unreviewed • CVE-2025-13436 was published • Mar 25, 2026
Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Moderate • GHSA-m2p3-hwv5-xpqw was published for Scriban (NuGet) • Mar 24, 2026
Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service
High • GHSA-v66j-x4hw-fv9g was published for Scriban (NuGet) • Mar 24, 2026
NATS is vulnerable to pre-auth DoS through WebSockets client service
Moderate • CVE-2026-33219 was published for github.com/nats-io/nats-server (Go) • Mar 24, 2026
PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
Moderate • CVE-2026-33621 was published for github.com/pinchtab/pinchtab (Go) • Mar 24, 2026
Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Moderate • CVE-2026-29772 was published for @astrojs/node (npm) • Mar 24, 2026
ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
Moderate • CVE-2026-30662 was published for concrete5/concrete5 (Composer) • Mar 24, 2026
Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
Moderate • CVE-2026-3260 was published for io.undertow:undertow-core (Maven) • Mar 24, 2026
Rails Active Support has a possible DoS vulnerability in its number helpers
Moderate • CVE-2026-33176 was published for activesupport (RubyGems) • Mar 23, 2026
Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
High • GHSA-xq3g-m3j8-2vmm was published for openclaw (npm) • Mar 21, 2026 • withdrawn
AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php
High • CVE-2026-33483 was published for wwbn/avideo (Composer) • Mar 20, 2026
Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service)
Moderate • GHSA-5rpf-x9jg-8j5p was published for scriban (NuGet) • Mar 19, 2026
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
Moderate • CVE-2026-33332 was published for nicegui (pip) • Mar 19, 2026
Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing
High • CVE-2026-33241 was published for salvo (Rust) • Mar 19, 2026
OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo...
High • Unreviewed • CVE-2026-28461 was published • Mar 19, 2026
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication...
High • Unreviewed • CVE-2026-1376 was published • Mar 18, 2026
Micronaut Framework vulnerable to a Denial of Service in HTML error response caching
High • CVE-2026-33012 was published for io.micronaut:micronaut-http-server (Maven) • Mar 17, 2026