GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,323
Maven
5,000+
npm
5,000+
NuGet
1,031
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,494
Swift
61
Unreviewed advisories
All unreviewed
5,000+
402 advisories
Filter by severity
Protobuf: Unbounded recursion depth in embedded-message decoding
High
CVE-2026-54451
was published
for
protobuf
(Erlang)
Jul 15, 2026
Trapster Community: Unauthenticated malformed DNS compression pointers crash per-packet honeypot handler
Moderate
GHSA-mxwc-wh95-pw4g
was published
for
trapster
(pip)
Jul 8, 2026
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
Moderate
CVE-2026-53531
was published
for
ratex-parser
(Rust)
Jul 7, 2026
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the...
Moderate
Unreviewed
CVE-2026-14803
was published
Jul 6, 2026
pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu...
High
Unreviewed
CVE-2026-38970
was published
Jul 2, 2026
SurrealDB vulnerable to Denial of Service due to nested types annotations
Moderate
GHSA-q8qp-67f9-wr3f
was published
for
surrealdb
(Rust)
Jul 1, 2026
SurrealDB has Denial of Service in JSON parser due to nested objects
High
GHSA-q729-696q-g9pq
was published
for
surrealdb
(Rust)
Jul 1, 2026
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive...
Moderate
Unreviewed
CVE-2026-56148
was published
Jul 1, 2026
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
High
CVE-2026-49451
was published
for
Microsoft.OpenAPI
(NuGet)
Jun 30, 2026
A flaw was found in p11-kit. The RPC message attribute parsing functions...
Moderate
Unreviewed
CVE-2026-13757
was published
Jun 29, 2026
In the Linux kernel, the following vulnerability has been resolved:
arm64: Reserve an extra page...
Moderate
Unreviewed
CVE-2026-53288
was published
Jun 26, 2026
Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)
Moderate
GHSA-6q7j-xr26-3h2c
was published
for
Scriban
(NuGet)
Jun 26, 2026
ImageMagick Vulnerable to Stack Overflow in its MVG Decoder
Moderate
CVE-2026-48734
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jun 25, 2026
MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement
Moderate
CVE-2026-48513
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement
Moderate
CVE-2026-48512
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth
High
CVE-2026-48506
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
High
CVE-2026-48502
was published
for
MessagePack
(NuGet)
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: bail out...
High
Unreviewed
CVE-2026-53267
was published
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
accel/ivpu: Fix signed...
High
Unreviewed
CVE-2026-53202
was published
Jun 25, 2026
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS...
High
Unreviewed
CVE-2025-71382
was published
Jun 23, 2026
SurrealDB: Denial of Service via deep operator chains
Moderate
GHSA-jv2j-mqmw-xvv5
was published
for
surrealdb
(Rust)
Jun 19, 2026
Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
High
CVE-2026-54297
was published
for
faraday
(RubyGems)
Jun 19, 2026
protobufjs: Denial of service through unbounded Any expansion during JSON conversion
High
CVE-2026-48712
was published
for
protobufjs
(npm)
Jun 15, 2026
protobufjs : Schema-derived names can shadow runtime-significant properties
Moderate
CVE-2026-54269
was published
for
protobufjs
(npm)
Jun 15, 2026
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a...
Moderate
Unreviewed
CVE-2025-7010
was published
Jun 13, 2026
ProTip!
Advisories are also available from the
GraphQL API