GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter. Severity: Moderate. CVE-2026-42191 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) on Apr 30, 2026.

OpAMP client reads unbounded HTTP response bodies. Severity: Moderate. CVE-2026-42348 was published for OpenTelemetry.OpAmp.Client (NuGet) on May 5, 2026.

Prometheus exporter process crash via malformed HTTP request. Severity: High. CVE-2026-44902 was published for @opentelemetry/auto-instrumentations-node (npm) on May 11, 2026.

OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure. Severity: Moderate. CVE-2026-41310 was published for OpenTelemetry.Exporter.Zipkin (NuGet) on Apr 28, 2026.

OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR. Severity: High. CVE-2026-41433 was published for go.opentelemetry.io/obi (Go) on Apr 17, 2026.

OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path. Severity: Moderate. CVE-2026-41078 was published for OpenTelemetry.Exporter.Jaeger (NuGet) on Apr 18, 2026.

OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads. Severity: Moderate. CVE-2026-41173 was published for OpenTelemetry.Resources.AWS (NuGet) on Apr 23, 2026.

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers. Severity: Moderate. CVE-2026-40894 was published for OpenTelemetry.Api (NuGet) on Apr 23, 2026.

OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling. Severity: Moderate. CVE-2026-40891 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) on Apr 23, 2026.

OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies. Severity: Moderate. CVE-2026-40182 was published for OpenTelemetry.Exporter.OpenTelemetryProtocol (NuGet) on Apr 23, 2026.

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking. Severity: High. CVE-2026-24051 was published for go.opentelemetry.io/otel/sdk (Go) on Feb 2, 2026.

OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability. Severity: Moderate. CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) on Aug 29, 2024.

open-telemetry has an Observable Timing Discrepancy. Severity: Moderate. CVE-2024-42368 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension (Go) on Aug 13, 2024.

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC. Severity: High. CVE-2024-36129 was published for go.opentelemetry.io/collector/config/configgrpc (Go) on Jun 5, 2024.

OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics. Severity: High. CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) on Oct 16, 2023.