GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
freewvs's nested directory structure can interrupt scan
Low
CVE-2020-15101
was published
for
freewvs
(pip)
Aug 30, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
High
CVE-2024-43414
was published
for
@apollo/gateway
(npm)
Aug 27, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
Undertow Denial of Service vulnerability
High
CVE-2024-5971
was published
for
io.undertow:undertow-core
(Maven)
Jul 8, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
High
GHSA-62qf-jcq8-8gxw
was published
for
sqlparse
(pip)
Apr 30, 2024
•
withdrawn
sqlparse parsing heavily nested list leads to Denial of Service
High
CVE-2024-4340
was published
for
sqlparse
(pip)
Apr 15, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by `\edef`
Moderate
CVE-2024-28243
was published
for
katex
(npm)
Mar 25, 2024
orjson does not limit recursion for deeply nested JSON documents
High
CVE-2024-27454
was published
for
orjson
(pip)
Feb 26, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
msgpackr's conversion of property names to strings can trigger infinite recursion
High
CVE-2023-52079
was published
for
msgpackr
(npm)
Dec 28, 2023
Denial of service caused by infinite recursion when parsing SVG document
Moderate
CVE-2023-50251
was published
for
phenx/php-svg-lib
(Composer)
Dec 13, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder
High
CVE-2022-31019
was published
for
github.com/vapor/vapor
(Swift)
Jun 7, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Moderate
CVE-2021-36154
was published
for
github.com/grpc/grpc-swift
(Swift)
May 22, 2023
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
High
GHSA-5x5q-8cgm-2hjq
was published
for
com.intuit.karate:karate-core
(Maven)
Mar 31, 2023
json-smart Uncontrolled Recursion vulnerabilty
High
CVE-2023-1370
was published
for
net.minidev:json-smart
(Maven)
Mar 23, 2023
Jettison vulnerable to infinite recursion
High
CVE-2023-1436
was published
for
org.codehaus.jettison:jettison
(Maven)
Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption
High
CVE-2021-36395
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
XStream can cause Denial of Service via stack overflow
High
CVE-2022-41966
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 29, 2022
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate
CVE-2022-23500
was published
for
typo3/cms
(Composer)
Dec 13, 2022
HAProxyMessageDecoder Stack Exhaustion DoS
Moderate
CVE-2022-41881
was published
for
io.netty:netty-codec-haproxy
(Maven)
Dec 12, 2022
ProTip!
Advisories are also available from the
GraphQL API