GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
215 advisories
Filter by severity
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Dec 16, 2024
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L:...
High
Unreviewed
CVE-2021-41737
was published
Nov 11, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
Denial of Service condition in Next.js image optimization
Moderate
CVE-2024-47831
was published
for
next
(npm)
Oct 14, 2024
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic...
High
Unreviewed
CVE-2024-34158
was published
Sep 6, 2024
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix recursive -...
Moderate
Unreviewed
CVE-2024-44996
was published
Sep 4, 2024
freewvs's nested directory structure can interrupt scan
Low
CVE-2020-15101
was published
for
freewvs
(pip)
Aug 30, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
High
CVE-2024-43414
was published
for
@apollo/gateway
(npm)
Aug 27, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion...
Low
Unreviewed
CVE-2024-7866
was published
Aug 15, 2024
Secure Boot Security Feature Bypass Vulnerability
High
Unreviewed
CVE-2024-37973
was published
Jul 9, 2024
Undertow Denial of Service vulnerability
High
CVE-2024-5971
was published
for
io.undertow:undertow-core
(Maven)
Jul 8, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain
(pip)
Jun 6, 2024
HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.
High
Unreviewed
CVE-2024-32609
was published
May 14, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion...
Low
Unreviewed
CVE-2024-4568
was published
May 6, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
High
GHSA-62qf-jcq8-8gxw
was published
for
sqlparse
(pip)
Apr 30, 2024
•
withdrawn
sqlparse parsing heavily nested list leads to Denial of Service
High
CVE-2024-4340
was published
for
sqlparse
(pip)
Apr 15, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and...
Low
Unreviewed
CVE-2024-3247
was published
Apr 3, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and...
Low
Unreviewed
CVE-2024-3248
was published
Apr 3, 2024
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such...
Critical
Unreviewed
CVE-2023-51803
was published
Apr 1, 2024
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and...
High
Unreviewed
CVE-2024-20311
was published
Mar 27, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API