GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
67 advisories
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed...
High | Unreviewed | CVE-2021-3530 was published May 24, 2022
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter...
High | Unreviewed | CVE-2021-36773 was published May 24, 2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an...
High | Unreviewed | CVE-2022-30631 was published Aug 11, 2022
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an...
High | Unreviewed | CVE-2022-30632 was published Aug 11, 2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows...
High | Unreviewed | CVE-2022-30635 was published Aug 11, 2022
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to...
High | Unreviewed | CVE-2022-30630 was published Aug 11, 2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High | Unreviewed | CVE-2022-30633 was published Aug 11, 2022
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match...
High | Unreviewed | CVE-2019-11413 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart...
High | Unreviewed | CVE-2018-4002 was published May 24, 2022
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and...
High | Unreviewed | CVE-2021-27434 was published May 24, 2022
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via...
High | Unreviewed | CVE-2020-28196 was published May 24, 2022
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a...
High | Unreviewed | CVE-2020-1898 was published May 24, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High | Unreviewed | CVE-2022-28131 was published Aug 11, 2022
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c...
High | Unreviewed | CVE-2021-28040 was published May 24, 2022
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function...
High | Unreviewed | CVE-2021-28903 was published May 24, 2022
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are...
High | Unreviewed | CVE-2021-27432 was published May 24, 2022
An unlimited recursion in DxeCore in EDK II.
High | Unreviewed | CVE-2021-28210 was published May 24, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption...
High | Unreviewed | CVE-2021-38569 was published May 24, 2022
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could...
High | Unreviewed | CVE-2019-12295 was published May 24, 2022
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3...
High | Unreviewed | CVE-2021-39929 was published May 24, 2022
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue)...
High | Unreviewed | CVE-2022-46405 was published Dec 4, 2022
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream:...
High | Unreviewed | CVE-2019-9543 was published May 13, 2022
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1...
High | Unreviewed | CVE-2018-6003 was published May 13, 2022
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream:...
High | Unreviewed | CVE-2019-9545 was published May 13, 2022
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of...
High | Unreviewed | CVE-2017-9438 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.