Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

215 advisories

Loading
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of... Moderate Unreviewed
CVE-2022-30974 was published May 19, 2022
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE... Moderate Unreviewed
CVE-2019-11779 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart... High Unreviewed
CVE-2018-4002 was published May 24, 2022
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because... Moderate Unreviewed
CVE-2019-18853 was published May 24, 2022
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba... Moderate Unreviewed
CVE-2020-10704 was published May 24, 2022
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and... High Unreviewed
CVE-2021-27434 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the resource record-parsing... Moderate Unreviewed
CVE-2020-6071 was published May 24, 2022
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against... Moderate Unreviewed
CVE-2020-10995 was published May 24, 2022
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack"... Moderate Unreviewed
CVE-2020-12662 was published May 24, 2022
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via... Moderate Unreviewed
CVE-2020-13800 was published May 24, 2022
HAProxyMessageDecoder Stack Exhaustion DoS Moderate
CVE-2022-41881 was published for io.netty:netty-codec-haproxy (Maven) Dec 12, 2022
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger... Moderate Unreviewed
CVE-2020-16094 was published May 24, 2022
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger... Moderate Unreviewed
CVE-2020-25219 was published May 24, 2022
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via... High Unreviewed
CVE-2020-28196 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model... Moderate Unreviewed
CVE-2020-29566 was published May 24, 2022
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a... High Unreviewed
CVE-2020-1898 was published May 24, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-28131 was published Aug 11, 2022
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c... High Unreviewed
CVE-2021-28040 was published May 24, 2022
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),... Moderate Unreviewed
CVE-2021-30470 was published May 24, 2022
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary... Moderate Unreviewed
CVE-2021-30471 was published May 24, 2022
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function... High Unreviewed
CVE-2021-28903 was published May 24, 2022
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are... High Unreviewed
CVE-2021-27432 was published May 24, 2022
An unlimited recursion in DxeCore in EDK II. High Unreviewed
CVE-2021-28210 was published May 24, 2022
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote... Moderate Unreviewed
CVE-2020-12100 was published May 24, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption... High Unreviewed
CVE-2021-38569 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database