Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,048
Maven
5,000+
npm
4,785
NuGet
825
pip
4,383
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

187 advisories

Loading
Traefik: TCP readTimeout bypass via STARTTLS on Postgres High
CVE-2026-25949 was published for github.com/traefik/traefik/v3 (Go) Feb 12, 2026
manizada Credited to manizada
webtransport-go: CloseWithError can block indefinitely Moderate
CVE-2026-21435 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service High
CVE-2026-25791 was published for github.com/bishopfox/sliver (Go) Feb 6, 2026
xtle0o0 Credited to xtle0o0
Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints Critical
CVE-2026-25579 was published for github.com/navidrome/navidrome (Go) Feb 4, 2026
yunfachi Credited to yunfachi
apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams High
CVE-2026-25140 was published for chainguard-dev/apko (Go) Feb 4, 2026
1seal Credited to 1seal, egibs, antitree, and jdolitsky egibs egibs
antitree antitree jdolitsky jdolitsky
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams Moderate
CVE-2026-25122 was published for chainguard.dev/apko (Go) Feb 3, 2026
1seal Credited to 1seal, egibs, antitree, and jdolitsky egibs egibs
antitree antitree jdolitsky jdolitsky
gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values Moderate
CVE-2026-24738 was published for github.com/gmrtd/gmrtd (Go) Jan 27, 2026
ramrunner Credited to ramrunner
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered High
CVE-2026-21696 was published for github.com/pterodactyl/wings (Go) Jan 20, 2026
danny6167 Credited to danny6167
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks High
CVE-2025-69199 was published for github.com/pterodactyl/wings (Go) Jan 20, 2026
KianBrose Credited to KianBrose
go-ethereum is vulnerable to high CPU usage leading to DoS via malicious p2p message High
CVE-2026-22868 was published for github.com/ethereum/go-ethereum (Go) Jan 13, 2026
Yenya030 Credited to Yenya030
flagd: Multiple Go Runtime CVEs Impact Security and Availability High
GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) Jan 5, 2026
pramod-ahire Credited to pramod-ahire
Logrus is vulnerable to DoS when using Entry.Writer() High
CVE-2025-65637 was published for github.com/sirupsen/logrus (Go) Dec 4, 2025
NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST High
CVE-2025-60638 was published for github.com/free5gc/nssf (Go) Nov 24, 2025
jose2go is vulnerable to a JWT bomb attack through its decode function High
CVE-2025-63811 was published for github.com/dvsekhvalnov/jose2go (Go) Nov 12, 2025
gnark-crypto allows unchecked memory allocation during vector deserialization High
GHSA-fj2x-735w-74vq was published for github.com/consensys/gnark-crypto (Go) Oct 30, 2025
raefko Credited to raefko
OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests High
CVE-2025-59043 was published for github.com/openbao/openbao (Go) Oct 17, 2025
phil9909 Credited to phil9909
Parallax is vulnerable to DoS via malicious p2p message High
GHSA-xc79-566c-j4qx was published for github.com/microstack-tech/parallax (Go) Oct 10, 2025
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks High
CVE-2025-61595 was published for github.com/MANTRA-Chain/mantrachain (Go) Sep 30, 2025
Hellobloc Credited to Hellobloc
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm High
CVE-2025-58157 was published for github.com/consensys/gnark (Go) Aug 29, 2025
feltroidprime Credited to feltroidprime
File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing High
CVE-2025-53893 was published for github.com/filebrowser/filebrowser/v2 (Go) Jul 16, 2025
maen08 Credited to maen08 and hacdias hacdias hacdias
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25208 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Authorino Uncontrolled Resource Consumption vulnerability Moderate
CVE-2025-25207 was published for github.com/kuadrant/authorino (Go) Jun 9, 2025
Ackites KillWxapkg Zip Bomb Resource Exhaustion Low
CVE-2025-5031 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
achibear Credited to achibear
Linkerd resource exhaustion vulnerability Moderate
CVE-2025-43915 was published for github.com/linkerd/linkerd2 (Go) May 5, 2025
ericd Credited to ericd
Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP High
CVE-2024-12886 was published for github.com/ollama/ollama (Go) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database