Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

58 advisories

Loading
Denial of Service in mqtt Moderate
CVE-2017-10910 was published for mqtt (npm) Dec 28, 2017
Uncontrolled recursion in ammonia High
CVE-2019-15542 was published for ammonia (Rust) Aug 25, 2021
Logic error in Apache Pinot High
CVE-2022-23974 was published for org.apache.pinot:pinot (Maven) Apr 6, 2022
Improper path handling in Kustomization files allows for denial of service High
CVE-2022-24878 was published for github.com/fluxcd/flux2 (Go) May 20, 2022
hiddeco
Uncontrolled Recursion in Akka HTTP High
CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022
Uncontrolled Recursion in rulex Moderate
CVE-2022-31099 was published for rulex (Rust) Jun 22, 2022
evanrichter
vm2 before 3.6.11 vulnerable to sandbox escape High
CVE-2019-10761 was published for vm2 (npm) Jul 14, 2022
Denial of Service in Elasticsearch Moderate
CVE-2021-22144 was published for org.elasticsearch:elasticsearch (Maven) Aug 9, 2021
Apache ORC vulnerable to Uncontrolled Recursion High
CVE-2018-8015 was published for org.apache.orc:orc (Maven) May 13, 2022
HAProxyMessageDecoder Stack Exhaustion DoS Moderate
CVE-2022-41881 was published for io.netty:netty-codec-haproxy (Maven) Dec 12, 2022
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion High
CVE-2021-45105 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2021
chrisbloom7 levinebw
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-23500 was published for typo3/cms (Composer) Dec 13, 2022
Uncontrolled Recursion in Play Framework High
CVE-2020-26883 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Data Amplification in Play Framework High
CVE-2020-26882 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
Jettison vulnerable to infinite recursion High
CVE-2023-1436 was published for org.codehaus.jettison:jettison (Maven) Mar 22, 2023
Uncontrolled recursion leads to abort in deserialization Moderate
GHSA-39vw-qp34-rmwf was published for serde_yaml (Rust) Aug 25, 2021
Uncontrolled recursion in rust-yaml High
CVE-2018-20993 was published for yaml-rust (Rust) Aug 25, 2021
Uncontrolled recursion in trust-dns-proto High
CVE-2018-20994 was published for trust-dns-proto (Rust) Aug 25, 2021
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec Moderate
CVE-2021-36154 was published for github.com/grpc/grpc-swift (Swift) May 22, 2023
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
Jettison memory exhaustion High
CVE-2022-40150 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM karimhreda
nullswan
ProTip! Advisories are also available from the GraphQL API