Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,739
Maven
5,000+
npm
4,338
NuGet
765
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

268 advisories

Loading
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not... High Unreviewed
CVE-2016-9597 was published May 13, 2022
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting... Moderate Unreviewed
CVE-2022-37034 was published Feb 2, 2023
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as... Moderate Unreviewed
CVE-2019-17450 was published May 24, 2022
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Moderate Unreviewed
CVE-2019-16163 was published May 24, 2022
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass:... Moderate Unreviewed
CVE-2018-20822 was published May 24, 2022
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service ... Moderate Unreviewed
CVE-2018-20821 was published May 24, 2022
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
Jettison vulnerable to infinite recursion High
CVE-2023-1436 was published for org.codehaus.jettison:jettison (Maven) Mar 22, 2023
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a... Moderate Unreviewed
CVE-2020-36691 was published Mar 24, 2023
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial... Moderate Unreviewed
CVE-2021-3997 was published Aug 24, 2022
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Moderate Unreviewed
CVE-2022-1771 was published May 19, 2022
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite... Moderate Unreviewed
CVE-2022-47662 was published Jan 5, 2023
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. Moderate Unreviewed
CVE-2022-3222 was published Sep 16, 2022
Uncontrolled recursion leads to abort in deserialization Moderate
GHSA-39vw-qp34-rmwf was published for serde_yaml (Rust) Aug 25, 2021
Uncontrolled recursion in rust-yaml High
CVE-2018-20993 was published for yaml-rust (Rust) Aug 25, 2021
Uncontrolled recursion in trust-dns-proto High
CVE-2018-20994 was published for trust-dns-proto (Rust) Aug 25, 2021
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec Moderate
CVE-2021-36154 was published for github.com/grpc/grpc-swift (Swift) May 22, 2023
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This... High Unreviewed
CVE-2022-3216 was published Sep 15, 2022
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Credited to weissi
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of... High Unreviewed
CVE-2022-23460 was published Aug 20, 2022
Jettison memory exhaustion High
CVE-2022-40150 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager,... High Unreviewed
CVE-2022-28773 was published Apr 13, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM c0mp1eks
nullswan
Credited to MdotTIM, c0mp1eks, and nullswan
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database