Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

214 advisories

Loading
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow... Moderate Unreviewed
CVE-2022-1962 was published Aug 11, 2022
graphql-go has infinite recursion in the type definition parser High
CVE-2022-37315 was published for github.com/graphql-go/graphql (Go) Aug 2, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM karimhreda
nullswan
vm2 before 3.6.11 vulnerable to sandbox escape High
CVE-2019-10761 was published for vm2 (npm) Jul 14, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths High
CVE-2022-31052 was published for matrix-synapse (pip) Jun 29, 2022
Uncontrolled Recursion in rulex Moderate
CVE-2022-31099 was published for rulex (Rust) Jun 22, 2022
evanrichter
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for... Moderate Unreviewed
CVE-2019-18854 was published May 24, 2022
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could... High Unreviewed
CVE-2019-12295 was published May 24, 2022
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp... Moderate Unreviewed
CVE-2019-12213 was published May 24, 2022
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3... High Unreviewed
CVE-2021-39929 was published May 24, 2022
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform... Moderate Unreviewed
CVE-2021-43519 was published May 24, 2022
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
Uncontrolled Recursion in Akka HTTP High
CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022
A component of the HarmonyOS has a External Control of System or Configuration Setting... Moderate Unreviewed
CVE-2021-22454 was published May 24, 2022
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call... Moderate Unreviewed
CVE-2021-39257 was published May 24, 2022
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers... Moderate Unreviewed
CVE-2020-18898 was published May 24, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption... High Unreviewed
CVE-2021-38569 was published May 24, 2022
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter... High Unreviewed
CVE-2021-36773 was published May 24, 2022
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the ... Moderate Unreviewed
CVE-2020-20213 was published May 24, 2022
An unlimited recursion in DxeCore in EDK II. High Unreviewed
CVE-2021-28210 was published May 24, 2022
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed... High Unreviewed
CVE-2021-3530 was published May 24, 2022
Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause... Moderate Unreviewed
CVE-2020-18392 was published May 24, 2022
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary... Moderate Unreviewed
CVE-2021-30471 was published May 24, 2022
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),... Moderate Unreviewed
CVE-2021-30470 was published May 24, 2022
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion Moderate
CVE-2021-31525 was published for golang.org/x/net (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database