GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
Moderate
CVE-2026-44213
was published
for
OpenTelemetry.Exporter.Instana
(NuGet)
May 8, 2026
OpAMP client reads unbounded HTTP response bodies
Moderate
CVE-2026-42348
was published
for
OpenTelemetry.OpAmp.Client
(NuGet)
May 5, 2026
OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter
Moderate
CVE-2026-42191
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 30, 2026
OneCollector exporter reads unbounded HTTP response bodies
Moderate
CVE-2026-41484
was published
for
OpenTelemetry.Exporter.OneCollector
(NuGet)
Apr 29, 2026
OpenTelemetry.Resources.Azure has an unbounded HTTP response body read
Moderate
CVE-2026-41483
was published
for
OpenTelemetry.Resources.Azure
(NuGet)
Apr 29, 2026
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Moderate
CVE-2026-41310
was published
for
OpenTelemetry.Exporter.Zipkin
(NuGet)
Apr 28, 2026
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads
Moderate
CVE-2026-41173
was published
for
OpenTelemetry.Resources.AWS
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
Moderate
CVE-2026-40894
was published
for
OpenTelemetry.Api
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling
Moderate
CVE-2026-40891
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies
Moderate
CVE-2026-40182
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 23, 2026
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
ProTip!
Advisories are also available from the
GraphQL API