GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
564 advisories
Filter by severity
Improper Handling of Missing Values in kaml
Moderate
CVE-2021-39194
was published
for
com.charleskorn.kaml:kaml
(Maven)
Sep 7, 2021
Integer Overflow/Infinite Loop in the http crate
High
CVE-2020-25574
was published
for
http
(Rust)
Aug 25, 2021
XStream can cause a Denial of Service
Moderate
CVE-2021-39140
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Uncaught Exception in jsoup
High
CVE-2021-37714
was published
for
org.jsoup:jsoup
(Maven)
Aug 23, 2021
Excessive Iteration in Compress
High
CVE-2021-35515
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Infinite Loop in Apache PDFBox
Moderate
CVE-2021-31812
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jun 15, 2021
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
High
CVE-2021-29482
was published
for
github.com/ulikunitz/xz
(Go)
May 25, 2021
Stack overflow due to looping TFLite subgraph
High
CVE-2021-29591
was published
for
tensorflow
(pip)
May 21, 2021
golang.org/x/text Infinite loop
Moderate
CVE-2020-14040
was published
for
golang.org/x/text
(Go)
May 18, 2021
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
Moderate
CVE-2021-29510
was published
for
pydantic
(pip)
May 13, 2021
Infinite loop in Apache Tika
Moderate
CVE-2021-28657
was published
for
org.apache.tika:tika
(Maven)
May 10, 2021
Infinite Loop in Apache Tika
Moderate
CVE-2020-1951
was published
for
org.apache.tika:tika
(Maven)
May 7, 2021
Missing Release of Memory after Effective Lifetime in Apache Tika
Moderate
CVE-2020-9489
was published
for
org.apache.tika:tika
(Maven)
May 7, 2021
cumulative-distribution-function Infinite Loop vulnerability
High
CVE-2021-29486
was published
for
cumulative-distribution-function
(npm)
May 4, 2021
XStream can cause a Denial of Service.
High
CVE-2021-21341
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Denial of Service in Apache POI
High
CVE-2017-12626
was published
for
org.apache.poi:poi
(Maven)
Jan 14, 2021
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
High
CVE-2020-7595
was published
for
nokogiri
(RubyGems)
Feb 24, 2020
Uncontrolled resource consumption in validators Python package
High
CVE-2019-19588
was published
for
validators
(pip)
Jan 21, 2020
Denial of Service in Apache Commons Compress
High
CVE-2019-12402
was published
for
io.github.1tchy.java9modular.org.apache.commons:commons-compress
(Maven)
Oct 11, 2019
ProTip!
Advisories are also available from the
GraphQL API