GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,931
Maven: 5,000+
npm: 5,000+
NuGet: 969
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,382
Swift: 56
Unreviewed advisories
All unreviewed: 5,000+
3,508 advisories
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
Moderate | CVE-2026-47184 was published for zeroconf (pip) | May 29, 2026
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Moderate | CVE-2026-47183 was published for zeroconf (pip) | May 29, 2026
go-git: Malformed Git object data may cause panics or resource exhaustion
Moderate | GHSA-w5pp-99ch-qj29 was published for github.com/go-git/go-git/v5 (Go) | May 29, 2026
A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function...
High | Unreviewed | CVE-2026-10069 was published | May 29, 2026
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are...
Moderate | Unreviewed | CVE-2026-46843 was published | May 28, 2026
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive...
Moderate | Unreviewed | CVE-2026-49094 was published | May 28, 2026
Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are...
High | Unreviewed | CVE-2026-46829 was published | May 28, 2026
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that...
High | Unreviewed | CVE-2026-46834 was published | May 28, 2026
Vulnerability in the Net Service component of Oracle Database Server. Supported versions that...
High | Unreviewed | CVE-2026-46835 was published | May 28, 2026
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive...
Moderate | Unreviewed | CVE-2026-42400 was published | May 28, 2026
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive...
Moderate | Unreviewed | CVE-2026-42399 was published | May 28, 2026
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via...
Moderate | Unreviewed | CVE-2026-33464 was published | May 28, 2026
Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
Low | CVE-2026-45756 was published for symfony/json-path (Composer) | May 28, 2026
LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
High | CVE-2026-45357 was published for liquidjs (npm) | May 27, 2026
IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource...
High | Unreviewed | CVE-2026-7528 was published | May 27, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service...
Moderate | Unreviewed | CVE-2026-6051 was published | May 27, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory...
Moderate | Unreviewed | CVE-2026-6052 was published | May 27, 2026
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere...
Moderate | Unreviewed | CVE-2026-4410 was published | May 27, 2026
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for...
Moderate | Unreviewed | CVE-2026-7493 was published | May 27, 2026
LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
Moderate | CVE-2026-44645 was published for liquidjs (npm) | May 27, 2026
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an...
High | Unreviewed | CVE-2026-8856 was published | May 26, 2026
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the...
High | Unreviewed | CVE-2026-9496 was published | May 26, 2026
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows...
High | Unreviewed | CVE-2026-47077 was published | May 26, 2026
HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP...
Moderate | Unreviewed | CVE-2026-42626 was published | May 26, 2026
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
Moderate | Unreviewed | CVE-2026-25680 was published | May 26, 2026
ProTip! Advisories are also available from the GraphQL API.