GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,273
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,489
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,870 advisories
Filter by severity
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the...
High
Unreviewed
CVE-2026-31984
was published
Jul 9, 2026
HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push...
Moderate
Unreviewed
CVE-2026-14362
was published
Jul 8, 2026
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value...
High
Unreviewed
CVE-2026-49146
was published
Jul 8, 2026
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
Moderate
Unreviewed
CVE-2026-60001
was published
Jul 8, 2026
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource...
Low
Unreviewed
CVE-2026-60000
was published
Jul 8, 2026
Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints
Moderate
CVE-2026-55434
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service
Moderate
CVE-2026-55078
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
By default, curl automatically responds to WebSocket PING frames. Because curl
lacks an upper...
High
Unreviewed
CVE-2026-11586
was published
Jul 3, 2026
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability...
High
Unreviewed
CVE-2026-58465
was published
Jul 2, 2026
golang.org/x/image/tiff has excessive resource consumption in PackBits decompression
High
CVE-2026-46599
was published
for
golang.org/x/image
(Go)
Jul 2, 2026
Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length
Low
GHSA-h72h-ppcx-998p
was published
for
zebra-network
(Rust)
Jul 2, 2026
zebrad has mempool transaction admission denial via single-peer inbound queue saturation
Moderate
CVE-2026-52732
was published
for
zebrad
(Rust)
Jul 2, 2026
zebrad vulnerable to getblocks/getheaders locator CPU amplification via uncapped vector length
Low
GHSA-443g-gwgp-49x4
was published
for
zebra-chain
(Rust)
Jul 2, 2026
An unauthenticated remote attacker can exhaust
server memory via the GetEndpoints Discovery...
High
Unreviewed
CVE-2026-11946
was published
Jul 2, 2026
An unauthenticated remote attacker can exhaust
server memory via the FindServers Discovery...
High
Unreviewed
CVE-2026-33592
was published
Jul 2, 2026
Mailpit: Sibling-endpoint memory-exhaustion DoS via unbounded JSON body on /api/v1/messages, /api/v1/tags, and /api/v1/message/{id}/release (incomplete fix of GHSA-fpxj-m5q8-fphw)
Moderate
CVE-2026-48824
was published
for
github.com/axllent/mailpit
(Go)
Jul 1, 2026
SurrealDB vulnerable to pre-auth memory amplification via unbounded `/sql` WebSocket frames
Moderate
GHSA-65rj-r9fh-jp2v
was published
for
surrealdb
(Rust)
Jul 1, 2026
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a...
Moderate
Unreviewed
CVE-2026-56149
was published
Jul 1, 2026
Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a...
Moderate
Unreviewed
CVE-2026-56150
was published
Jul 1, 2026
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of...
Moderate
Unreviewed
CVE-2026-49087
was published
Jul 1, 2026
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated,...
High
Unreviewed
CVE-2026-20216
was published
Jul 1, 2026
Multiple unbounded alloca() calls in the PulseAudio protocol server.
Moderate
Unreviewed
CVE-2026-14330
was published
Jul 1, 2026
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to...
Moderate
Unreviewed
CVE-2025-36319
was published
Jun 30, 2026
Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality
Moderate
CVE-2026-49835
was published
for
github.com/sigstore/timestamp-authority
(Go)
Jun 30, 2026
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without...
Critical
Unreviewed
CVE-2026-12818
was published
Jun 30, 2026
ProTip!
Advisories are also available from the
GraphQL API