GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
215 advisories
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to...
Severity: High (Unreviewed). CVE-2022-30630 was published Aug 11, 2022.

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow...
Severity: Moderate (Unreviewed). CVE-2022-1962 was published Aug 11, 2022.

graphql-go has infinite recursion in the type definition parser
Severity: High. CVE-2022-37315 was published for github.com/graphql-go/graphql (Go) Aug 2, 2022.

Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Severity: High. CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022.

vm2 before 3.6.11 vulnerable to sandbox escape
Severity: High. CVE-2019-10761 was published for vm2 (npm) Jul 14, 2022.

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Severity: High. CVE-2022-31052 was published for matrix-synapse (pip) Jun 29, 2022.

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for...
Severity: Moderate (Unreviewed). CVE-2019-18854 was published May 24, 2022.

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could...
Severity: High (Unreviewed). CVE-2019-12295 was published May 24, 2022.

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp...
Severity: Moderate (Unreviewed). CVE-2019-12213 was published May 24, 2022.

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3...
Severity: High (Unreviewed). CVE-2021-39929 was published May 24, 2022.

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform...
Severity: Moderate (Unreviewed). CVE-2021-43519 was published May 24, 2022.

Routinator infinite loop vulnerability
Severity: High. CVE-2021-43172 was published for routinator (Rust) May 24, 2022.

Uncontrolled Recursion in Akka HTTP
Severity: High. CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022.

A component of the HarmonyOS has a External Control of System or Configuration Setting...
Severity: Moderate (Unreviewed). CVE-2021-22454 was published May 24, 2022.

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call...
Severity: Moderate (Unreviewed). CVE-2021-39257 was published May 24, 2022.

A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers...
Severity: Moderate (Unreviewed). CVE-2020-18898 was published May 24, 2022.

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption...
Severity: High (Unreviewed). CVE-2021-38569 was published May 24, 2022.

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter...
Severity: High (Unreviewed). CVE-2021-36773 was published May 24, 2022.

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the ...
Severity: Moderate (Unreviewed). CVE-2020-20213 was published May 24, 2022.

An unlimited recursion in DxeCore in EDK II.
Severity: High (Unreviewed). CVE-2021-28210 was published May 24, 2022.

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed...
Severity: High (Unreviewed). CVE-2021-3530 was published May 24, 2022.

Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause...
Severity: Moderate (Unreviewed). CVE-2020-18392 was published May 24, 2022.

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),...
Severity: Moderate (Unreviewed). CVE-2021-30470 was published May 24, 2022.

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary...
Severity: Moderate (Unreviewed). CVE-2021-30471 was published May 24, 2022.