GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
215 advisories
Filter by severity
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Dec 16, 2024
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L:...
High
Unreviewed
CVE-2021-41737
was published
Nov 11, 2024
Stack overflow in `ParseAttrValue` with nested tensors
Low
CVE-2021-29615
was published
for
tensorflow
(pip)
May 21, 2021
Denial of Service condition in Next.js image optimization
Moderate
CVE-2024-47831
was published
for
next
(npm)
Oct 14, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain
(pip)
Jun 6, 2024
Stack overflow due to looping TFLite subgraph
High
CVE-2021-29591
was published
for
tensorflow
(pip)
May 21, 2021
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
High
GHSA-5x5q-8cgm-2hjq
was published
for
com.intuit.karate:karate-core
(Maven)
Mar 31, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of...
High
Unreviewed
CVE-2024-0208
was published
Jan 3, 2024
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or...
High
Unreviewed
CVE-2024-0211
was published
Jan 3, 2024
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
Undertow Denial of Service vulnerability
High
CVE-2024-5971
was published
for
io.undertow:undertow-core
(Maven)
Jul 8, 2024
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix recursive -...
Moderate
Unreviewed
CVE-2024-44996
was published
Sep 4, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
High
CVE-2024-43414
was published
for
@apollo/gateway
(npm)
Aug 27, 2024
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in...
Moderate
Unreviewed
CVE-2019-6131
was published
May 13, 2022
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic...
High
Unreviewed
CVE-2024-34158
was published
Sep 6, 2024
freewvs's nested directory structure can interrupt scan
Low
CVE-2020-15101
was published
for
freewvs
(pip)
Aug 30, 2024
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such...
Critical
Unreviewed
CVE-2023-51803
was published
Apr 1, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion...
Low
Unreviewed
CVE-2024-7866
was published
Aug 15, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API