GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
12,220 advisories
js-libp2p: Memory DoS via subscription flood of unique topics
High
CVE-2026-46679
was published
for
@libp2p/gossipsub
(npm)
May 21, 2026
@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes
High
CVE-2026-45783
was published
for
@libp2p/kad-dht
(npm)
May 19, 2026
Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching
Moderate
CVE-2026-46341
was published
for
@apify/actors-mcp-server
(npm)
May 19, 2026
Algernon: handler.lua discovery walks parent directories above the server root
Critical
CVE-2026-45721
was published
for
github.com/xyproto/algernon
(Go)
May 19, 2026
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
High
CVE-2026-45685
was published
for
go.opentelemetry.io/obi
(Go)
May 18, 2026
Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability
High
CVE-2026-35433
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
May 18, 2026
OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads
High
CVE-2026-45678
was published
for
go.opentelemetry.io/obi
(Go)
May 18, 2026
OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent
Moderate
CVE-2026-45676
was published
for
go.opentelemetry.io/obi
(Go)
May 18, 2026
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
High
CVE-2026-45135
was published
for
github.com/caddyserver/caddy/v2
(Go)
May 18, 2026
ProTip!
Advisories are also available from the
GraphQL API