GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,230 advisories
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and...
High | Unreviewed | CVE-2026-25819 was published Mar 13, 2026

file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry
Moderate | CVE-2026-32630 was published for file-type (npm) Mar 13, 2026

CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
High | CVE-2026-31899 was published for CairoSVG (pip) Mar 13, 2026

Gokapi vulnerable to DoS in E2E Metadata Parser
Moderate | CVE-2026-30955 was published for github.com/forceu/gokapi (Go) Mar 13, 2026

ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate | CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026

Tornado is vulnerable to DoS due to too many multipart parts
High | CVE-2026-31958 was published for tornado (pip) Mar 12, 2026

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft...
High | Unreviewed | CVE-2025-70047 was published Mar 9, 2026

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1...
High | Unreviewed | CVE-2025-70059 was published Mar 9, 2026

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit...
High | Unreviewed | CVE-2025-69654 was published Mar 6, 2026

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service...
Moderate | Unreviewed | CVE-2025-69644 was published Mar 6, 2026

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with...
Moderate | Unreviewed | CVE-2025-69646 was published Mar 6, 2026

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with...
Moderate | Unreviewed | CVE-2025-69645 was published Mar 6, 2026

The Eclipse Jetty Server Artifact has a Gzip request memory leak
High | CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026

Python-Markdown has an Uncaught Exception
Moderate | CVE-2025-69534 was published for Markdown (pip) Mar 5, 2026

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that...
Moderate | Unreviewed | CVE-2026-20066 was published Mar 4, 2026

An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote...
High | Unreviewed | CVE-2026-26673 was published Mar 4, 2026

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments...
Moderate | Unreviewed | CVE-2026-23809 was published Mar 4, 2026

Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)
High | CVE-2026-26999 was published for github.com/traefik/traefik/v2 (Go) Mar 4, 2026

OpenClaw skills-install-download: tar.bz2 extraction bypassed archive safety parity checks (local DoS)
Moderate | GHSA-77hf-7fqf-f227 was published for openclaw (npm) Mar 3, 2026

OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Moderate | GHSA-x4vp-4235-65hg was published for openclaw (npm) Mar 3, 2026

Django vulnerable to Uncontrolled Resource Consumption
High | CVE-2026-25673 was published for Django (pip) Mar 3, 2026

OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure
High | CVE-2026-32062 was published for @openclaw/voice-call (npm) Mar 2, 2026

OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Moderate | GHSA-rxxp-482v-7mrh was published for openclaw (npm) Mar 2, 2026

`melange update-cache` has unbounded HTTP download that can exhaust disk in CI
Moderate | CVE-2026-29049 was published for chainguard.dev/melange (Go) Mar 2, 2026

OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)
Moderate | GHSA-wr6m-jg37-68xh was published for openclaw (npm) Mar 2, 2026