close
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
65
GitHub Actions
50
Go
3,845
Maven
5,000+
npm
5,000+
NuGet
956
pip
5,000+
Pub
13
RubyGems
1,061
Rust
1,358
Swift
54
Unreviewed advisories
All unreviewed
5,000+

30,755 advisories

Loading
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. Moderate
CVE-2026-46559 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Stack overflow in fx operation Moderate
CVE-2026-46557 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
ImageMagick: Use-After-Free in MSL decoder. Moderate
CVE-2026-46523 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
meridian0x01 Credited to meridian0x01
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion High
CVE-2026-46522 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
bl4cksku11 Credited to bl4cksku11
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression Moderate
CVE-2026-46521 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
sharadboni Credited to sharadboni
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions High
CVE-2026-46520 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
omkhar Credited to omkhar
ImageMagick: Policy Bypass in MNG coder could Moderate
CVE-2026-45664 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
pucagit Credited to pucagit
ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation. Moderate
CVE-2026-45624 was published for Magick.NET-Q16-AnyCPU (NuGet) May 18, 2026
007bsd Credited to 007bsd
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint High
CVE-2026-45367 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (Maven) May 18, 2026
offset Credited to offset
NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes Moderate
CVE-2026-45554 was published for nicegui (pip) May 18, 2026
bitinerant Credited to bitinerant, evnchn, and falkoschindler evnchn evnchn
falkoschindler falkoschindler
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text() High
CVE-2026-45553 was published for nicegui (pip) May 18, 2026
dennyabrahamsinaga Credited to dennyabrahamsinaga, falkoschindler, h3ri0s, and evnchn falkoschindler falkoschindler
h3ri0s h3ri0s evnchn evnchn
OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI High
CVE-2026-45686 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and grcevski grcevski grcevski
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages High
CVE-2026-45685 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias
OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers Moderate
CVE-2026-45684 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and mmat11 mmat11 mmat11
OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals Moderate
CVE-2026-45682 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and grcevski grcevski grcevski
OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure Low
CVE-2026-45683 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and grcevski grcevski grcevski
OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size Moderate
CVE-2026-45681 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias, rafaelroquetto, and mmat11 rafaelroquetto rafaelroquetto
mmat11 mmat11
OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU Moderate
CVE-2026-45680 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias
Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability High
CVE-2026-35433 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) May 18, 2026
Ky0toFu Credited to Ky0toFu
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability High
CVE-2026-42899 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 18, 2026
hamayanhamayan Credited to hamayanhamayan
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability High
CVE-2026-32175 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) May 18, 2026
ws: Uninitialized memory disclosure Moderate
CVE-2026-45736 was published for ws (npm) May 18, 2026
ChALkeR Credited to ChALkeR
AVideo: Authenticated Arbitrary File Read in view/update.php Moderate
CVE-2026-45731 was published for WWBN/AVideo (Composer) May 18, 2026
pr3ungdt Credited to pr3ungdt
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads High
CVE-2026-45678 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias, grcevski, and rafaelroquetto grcevski grcevski
rafaelroquetto rafaelroquetto
OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages Moderate
CVE-2026-45679 was published for go.opentelemetry.io/obi (Go) May 18, 2026
MrAlias Credited to MrAlias and grcevski grcevski grcevski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database