GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads
Moderate
CVE-2026-41173
was published
for
OpenTelemetry.Resources.AWS
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
Moderate
CVE-2026-40894
was published
for
OpenTelemetry.Api
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling
Moderate
CVE-2026-40891
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 23, 2026
OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies
Moderate
CVE-2026-40182
was published
for
OpenTelemetry.Exporter.OpenTelemetryProtocol
(NuGet)
Apr 23, 2026
OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path
Moderate
CVE-2026-41078
was published
for
OpenTelemetry.Exporter.Jaeger
(NuGet)
Apr 18, 2026
OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
High
GHSA-8gmg-3w2q-65f4
was published
for
go.opentelemetry.io/obi
(Go)
Apr 17, 2026
OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking
High
CVE-2026-24051
was published
for
go.opentelemetry.io/otel/sdk
(Go)
Feb 2, 2026
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
High
CVE-2024-36129
was published
for
go.opentelemetry.io/collector/config/configgrpc
(Go)
Jun 5, 2024
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
High
CVE-2023-45142
was published
for
go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful
(Go)
Oct 16, 2023
ProTip!
Advisories are also available from the
GraphQL API