Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

402 advisories

Loading
Protobuf: Unbounded recursion depth in embedded-message decoding High
CVE-2026-54451 was published for protobuf (Erlang) Jul 15, 2026
PJUllrich Credited to PJUllrich and whatyouhide whatyouhide whatyouhide
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler Moderate
GHSA-mxwc-wh95-pw4g was published for trapster (pip) Jul 8, 2026
tonghuaroot Credited to tonghuaroot
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort) Moderate
CVE-2026-53531 was published for ratex-parser (Rust) Jul 7, 2026
nikkoenggaliano Credited to nikkoenggaliano
SurrealDB vulnerable to Denial of Service due to nested types annotations Moderate
GHSA-q8qp-67f9-wr3f was published for surrealdb (Rust) Jul 1, 2026
DarkaMaul Credited to DarkaMaul
SurrealDB has Denial of Service in JSON parser due to nested objects High
GHSA-q729-696q-g9pq was published for surrealdb (Rust) Jul 1, 2026
DarkaMaul Credited to DarkaMaul
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing High
CVE-2026-49451 was published for Microsoft.OpenAPI (NuGet) Jun 30, 2026
baywet Credited to baywet, cookesan, Falco20019, and mahsa-lamiyan cookesan cookesan
Falco20019 Falco20019 mahsa-lamiyan mahsa-lamiyan
A flaw was found in p11-kit. The RPC message attribute parsing functions... Moderate Unreviewed
CVE-2026-13757 was published Jun 29, 2026
MindflareX Credited to MindflareX and adamus2 adamus2 adamus2
ImageMagick Vulnerable to Stack Overflow in its MVG Decoder Moderate
CVE-2026-48734 was published for Magick.NET-Q16-AnyCPU (NuGet) Jun 25, 2026
omkhar Credited to omkhar
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement Moderate
CVE-2026-48513 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement Moderate
CVE-2026-48512 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth High
CVE-2026-48506 was published for MessagePack (NuGet) Jun 25, 2026
AArnott Credited to AArnott
AArnott Credited to AArnott
SurrealDB: Denial of Service via deep operator chains Moderate
GHSA-jv2j-mqmw-xvv5 was published for surrealdb (Rust) Jun 19, 2026
kocaemre Credited to kocaemre, G-Rath, iBotPeaches, Starfox64, sfriedman-cape, and maikelvdh G-Rath G-Rath
iBotPeaches iBotPeaches Starfox64 Starfox64 sfriedman-cape sfriedman-cape maikelvdh maikelvdh
protobufjs: Denial of service through unbounded Any expansion during JSON conversion High
CVE-2026-48712 was published for protobufjs (npm) Jun 15, 2026
EchoSkorJjj Credited to EchoSkorJjj, yueyueL, and dcodeIO yueyueL yueyueL
dcodeIO dcodeIO
protobufjs : Schema-derived names can shadow runtime-significant properties Moderate
CVE-2026-54269 was published for protobufjs (npm) Jun 15, 2026
acorn421 Credited to acorn421 and dcodeIO dcodeIO dcodeIO
ProTip! Advisories are also available from the GraphQL API