Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
json-smart Uncontrolled Recursion vulnerabilty High
CVE-2023-1370 was published for net.minidev:json-smart (Maven) Mar 23, 2023
Jettison vulnerable to infinite recursion High
CVE-2023-1436 was published for org.codehaus.jettison:jettison (Maven) Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS... High Unreviewed
CVE-2023-22617 was published Jan 21, 2023
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
Uncontrolled Recursion in Loofah High
CVE-2022-23516 was published for loofah (RubyGems) Dec 13, 2022
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue)... High Unreviewed
CVE-2022-46405 was published Dec 4, 2022
It was possible to trigger an infinite recursion condition in the error handler when Hermes... High Unreviewed
CVE-2022-27810 was published Oct 7, 2022
Jettison memory exhaustion High
CVE-2022-40150 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This... High Unreviewed
CVE-2022-3216 was published Sep 15, 2022
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of... High Unreviewed
CVE-2022-23460 was published Aug 20, 2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows... High Unreviewed
CVE-2022-30635 was published Aug 11, 2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-30633 was published Aug 11, 2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-30631 was published Aug 11, 2022
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-30632 was published Aug 11, 2022
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to... High Unreviewed
CVE-2022-30630 was published Aug 11, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-28131 was published Aug 11, 2022
graphql-go has infinite recursion in the type definition parser High
CVE-2022-37315 was published for github.com/graphql-go/graphql (Go) Aug 2, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM karimhreda
nullswan
vm2 before 3.6.11 vulnerable to sandbox escape High
CVE-2019-10761 was published for vm2 (npm) Jul 14, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths High
CVE-2022-31052 was published for matrix-synapse (pip) Jun 29, 2022
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could... High Unreviewed
CVE-2019-12295 was published May 24, 2022
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3... High Unreviewed
CVE-2021-39929 was published May 24, 2022
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
Uncontrolled Recursion in Akka HTTP High
CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database