Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,870 advisories

Loading
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. Moderate Unreviewed
CVE-2026-60001 was published Jul 8, 2026
Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints Moderate
CVE-2026-55434 was published for github.com/coder/coder/v2 (Go) Jul 6, 2026
Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service Moderate
CVE-2026-55078 was published for github.com/coder/coder/v2 (Go) Jul 6, 2026
golang.org/x/image/tiff has excessive resource consumption in PackBits decompression High
CVE-2026-46599 was published for golang.org/x/image (Go) Jul 2, 2026
Zebra has pre-handshake buffer capacity reservation based on attacker-claimed body length Low
GHSA-h72h-ppcx-998p was published for zebra-network (Rust) Jul 2, 2026
ouicate Credited to ouicate and oxarbitrage oxarbitrage oxarbitrage
zebrad has mempool transaction admission denial via single-peer inbound queue saturation Moderate
CVE-2026-52732 was published for zebrad (Rust) Jul 2, 2026
dingledropper Credited to dingledropper, mpguerra, and oxarbitrage mpguerra mpguerra
oxarbitrage oxarbitrage
zebrad vulnerable to getblocks/getheaders locator CPU amplification via uncapped vector length Low
GHSA-443g-gwgp-49x4 was published for zebra-chain (Rust) Jul 2, 2026
dingledropper Credited to dingledropper, mpguerra, and oxarbitrage mpguerra mpguerra
oxarbitrage oxarbitrage
SurrealDB vulnerable to pre-auth memory amplification via unbounded `/sql` WebSocket frames Moderate
GHSA-65rj-r9fh-jp2v was published for surrealdb (Rust) Jul 1, 2026
Multiple unbounded alloca() calls in the PulseAudio protocol server. Moderate Unreviewed
CVE-2026-14330 was published Jul 1, 2026
Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality Moderate
CVE-2026-49835 was published for github.com/sigstore/timestamp-authority (Go) Jun 30, 2026
ProTip! Advisories are also available from the GraphQL API