Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,199 advisories

Loading
pypdf: Manipulated RunLengthDecode streams can exhaust RAM Moderate
CVE-2026-28351 was published for pypdf (pip) Feb 28, 2026
bugbunny-research Credited to bugbunny-research and stefan6419846 stefan6419846 stefan6419846
Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner Low
CVE-2026-3293 was published for net.snowflake:snowflake-jdbc (Maven) Feb 27, 2026
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial... Moderate Unreviewed
CVE-2026-26937 was published Feb 26, 2026
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM Moderate
CVE-2026-27888 was published for pypdf (pip) Feb 26, 2026
bekkaze Credited to bekkaze and stefan6419846 stefan6419846 stefan6419846
Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion Moderate
CVE-2026-27204 was published for wasmtime (Rust) Feb 24, 2026
mbund Credited to mbund, alexcrichton, and pchickey alexcrichton alexcrichton
pchickey pchickey
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin... High Unreviewed
CVE-2025-67445 was published Feb 24, 2026
ImageMagick: Infinite loop vulnerability when parsing a PCD file High
CVE-2026-24485 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS Moderate
CVE-2026-24484 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the... Critical Unreviewed
CVE-2025-70327 was published Feb 23, 2026
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits Moderate
CVE-2026-26047 was published for moodle/moodle (Composer) Feb 21, 2026
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs Moderate
CVE-2026-27576 was published for openclaw (npm) Feb 20, 2026
aether-ai-agent Credited to aether-ai-agent
OpenClaw has a Web Fetch DoS via unbounded response parsing Moderate
GHSA-p536-vvpp-9mc8 was published for openclaw (npm) Feb 19, 2026
xuemian168 Credited to xuemian168 and ShangzhiXu ShangzhiXu ShangzhiXu
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service... High Unreviewed
CVE-2019-25401 was published Feb 19, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud... Moderate Unreviewed
CVE-2026-20139 was published Feb 18, 2026
OpenClaw affected by denial of service via unbounded webhook request body buffering High
GHSA-q447-rj3r-2cgh was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR) Moderate
GHSA-h89v-j3x9-8wqj was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks Moderate
GHSA-w2cg-vxx6-5xjg was published for clawdbot (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
OpenClaw affected by denial of service via unbounded URL-backed media fetch High
GHSA-j27p-hq53-9wgc was published for openclaw (npm) Feb 18, 2026
vincentkoc Credited to vincentkoc
A vulnerability in the management API of the affected product could allow an unauthenticated... Moderate Unreviewed
CVE-2026-23596 was published Feb 17, 2026
An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a... Moderate Unreviewed
CVE-2025-66676 was published Feb 13, 2026
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a... High Unreviewed
CVE-2025-70886 was published Feb 12, 2026
Traefik: TCP readTimeout bypass via STARTTLS on Postgres High
CVE-2026-25949 was published for github.com/traefik/traefik/v3 (Go) Feb 12, 2026
manizada Credited to manizada
webtransport-go: CloseWithError can block indefinitely Moderate
CVE-2026-21435 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3,... High Unreviewed
CVE-2026-20652 was published Feb 12, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database