GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
45 advisories
Filter by severity
Predictable results in nanoid generation when given non-integer values
Moderate
CVE-2024-55565
was published
for
nanoid
(npm)
Dec 9, 2024
Infinite loop in github.com/gomarkdown/markdown
Moderate
CVE-2024-44337
was published
for
github.com/gomarkdown/markdown
(Go)
Oct 15, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Designate does not enforce the DNS protocol limit concerning record set sizes
Moderate
CVE-2015-5694
was published
for
designate
(pip)
May 24, 2022
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate
CVE-2024-24786
was published
for
google.golang.org/protobuf
(Go)
Mar 6, 2024
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
Moderate
CVE-2021-29510
was published
for
pydantic
(pip)
May 13, 2021
Manipulated inline images can cause Infinite Loop in PyPDF2
Moderate
CVE-2022-24859
was published
for
PyPDF2
(pip)
Apr 22, 2022
Liferay Portal denial-of-service vulnerability
Moderate
CVE-2024-25144
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Moderate severity vulnerability that affects org.apache.commons:commons-compress
Moderate
CVE-2018-11771
was published
for
org.apache.commons:commons-compress
(Maven)
Oct 19, 2018
golang.org/x/text Infinite loop
Moderate
CVE-2020-14040
was published
for
golang.org/x/text
(Go)
May 18, 2021
Loop with Unreachable Exit Condition in Apache CXF
Moderate
CVE-2014-3584
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
Comparison errorr in org.apache.tika:tika-core
Moderate
CVE-2018-8017
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Commons Compress vulnerable to denial of service due to infinite loop
Moderate
CVE-2018-1324
was published
for
com.liferay:com.liferay.portal.tools.bundle.support
(Maven)
Mar 14, 2019
IPAddress Infinite Loop vulnerability (Disputed)
Moderate
CVE-2023-50570
was published
for
com.github.seancfoley:ipaddress
(Maven)
Dec 29, 2023
•
withdrawn
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
Moderate
CVE-2023-46250
was published
for
pypdf
(pip)
Oct 31, 2023
Loop with Unreachable Exit Condition in Jenkins
Moderate
CVE-2018-1000864
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Infinite Loop in Jenkins Core
Moderate
CVE-2018-1999044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
Moderate
CVE-2023-36464
was published
for
PyPDF2
(pip)
Jun 30, 2023
OpenFGA Vulnerable to DoS from circular relationship definitions
Moderate
CVE-2023-43645
was published
for
github.com/openfga/openfga
(Go)
Sep 28, 2023
OpenFGA vulnerable to denial of service due to circular relationship
Moderate
CVE-2023-35933
was published
for
github.com/openfga/openfga
(Go)
Jun 28, 2023
PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects
Moderate
CVE-2023-36807
was published
for
PyPDF2
(pip)
Jun 30, 2023
Infinite certificate chain depth results in OctoRPKI running forever
Moderate
CVE-2021-3908
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
Moderate
CVE-2018-17197
was published
for
org.apache.tika:tika-parsers
(Maven)
Dec 26, 2018
ProTip!
Advisories are also available from the
GraphQL API