Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

163,970 advisories

Loading
adawolfa/isdoc: Uncontrolled resource consumption (decompression bomb) when reading untrusted ISDOCX or PDF files Moderate
GHSA-xg43-5579-qw6v was published for adawolfa/isdoc (Composer) Jul 15, 2026
ViewComponent: Reused Component Instances Retain Stale Render Context Moderate
CVE-2026-54497 was published for view_component (RubyGems) Jul 15, 2026
cyberlanc3r Credited to cyberlanc3r
open-feature-operator: Cross-namespace FeatureFlagSource and InProcessConfiguration resolution exposes spec contents on multi-tenant clusters Moderate
CVE-2026-54495 was published for github.com/open-feature/open-feature-operator (Go) Jul 15, 2026
0xVijay Credited to 0xVijay
serde_with: KeyValueMap serialization panics on empty sequence or map entries Moderate
GHSA-7gcf-g7xr-8hxj was published for serde_with (Rust) Jul 15, 2026
7thParkk Credited to 7thParkk
websocket-driver: Resource limit bypass via message compression Moderate
CVE-2026-54490 was published for websocket-driver (npm) Jul 15, 2026
pranjalithakur Credited to pranjalithakur
websocket-driver: Memory exhaustion in HTTP header parser Moderate
CVE-2026-54465 was published for websocket-driver (RubyGems) Jul 15, 2026
pranjalithakur Credited to pranjalithakur
websocket-driver: Resource limit bypass via message compression Moderate
CVE-2026-54464 was published for websocket-driver (RubyGems) Jul 15, 2026
pranjalithakur Credited to pranjalithakur
websocket-driver: Memory exhaustion via abuse of protocol length headers Moderate
CVE-2026-54463 was published for websocket-driver (RubyGems) Jul 15, 2026
pranjalithakur Credited to pranjalithakur
Pixeldrain API key shared with unverified thirdparty sites Moderate
CVE-2026-54254 was published for cyberdrop-dl-patched (pip) Jul 15, 2026
NTFSvolume Credited to NTFSvolume
safeurl is Missing IPv6 CIDR Ranges in Blocklist Moderate
CVE-2026-54452 was published for github.com/doyensec/safeurl (Go) Jul 15, 2026
tonghuaroot Credited to tonghuaroot
vittorio-prodomo Credited to vittorio-prodomo, mo-getter, benjaminpkane, kevin-dimichel, AdonaiVera, and AAtomical mo-getter mo-getter
benjaminpkane benjaminpkane kevin-dimichel kevin-dimichel AdonaiVera AdonaiVera AAtomical AAtomical
MantisBT: Injection of TIME_TRACKING and REMINDER Notes via REST and SOAP APIs Moderate
CVE-2026-52883 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
byteoverride Credited to byteoverride and dregad dregad dregad
MantisBT: REST and SOAP API Issue Update Accepts Unreleased Product Versions From Updaters Moderate
CVE-2026-52882 was published for mantisbt/mantisbt (Composer) Jul 15, 2026
dregad Credited to dregad
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure... Moderate Unreviewed
CVE-2026-56087 was published Jul 15, 2026
ProTip! Advisories are also available from the GraphQL API