GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
197 advisories
Filter by severity
Vapor vulnerable to denial of service in URLEncodedFormDecoder
High
CVE-2022-31019
was published
for
github.com/vapor/vapor
(Swift)
Jun 7, 2023
Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of...
High
Unreviewed
CVE-2023-31893
was published
Jun 5, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Moderate
CVE-2021-36154
was published
for
github.com/grpc/grpc-swift
(Swift)
May 22, 2023
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
High
GHSA-5x5q-8cgm-2hjq
was published
for
com.intuit.karate:karate-core
(Maven)
Mar 31, 2023
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO...
High
Unreviewed
CVE-2023-24472
was published
Mar 30, 2023
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a...
Moderate
Unreviewed
CVE-2020-36691
was published
Mar 24, 2023
json-smart Uncontrolled Recursion vulnerabilty
High
CVE-2023-1370
was published
for
net.minidev:json-smart
(Maven)
Mar 23, 2023
Jettison vulnerable to infinite recursion
High
CVE-2023-1436
was published
for
org.codehaus.jettison:jettison
(Maven)
Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption
High
CVE-2021-36395
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting...
Moderate
Unreviewed
CVE-2022-37034
was published
Feb 2, 2023
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS...
High
Unreviewed
CVE-2023-22617
was published
Jan 21, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite...
Moderate
Unreviewed
CVE-2022-47662
was published
Jan 5, 2023
XStream can cause Denial of Service via stack overflow
High
CVE-2022-41966
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 29, 2022
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate
CVE-2022-23500
was published
for
typo3/cms
(Composer)
Dec 13, 2022
HAProxyMessageDecoder Stack Exhaustion DoS
Moderate
CVE-2022-41881
was published
for
io.netty:netty-codec-haproxy
(Maven)
Dec 12, 2022
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue)...
High
Unreviewed
CVE-2022-46405
was published
Dec 4, 2022
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for...
Moderate
Unreviewed
CVE-2022-42321
was published
Nov 1, 2022
It was possible to trigger an infinite recursion condition in the error handler when Hermes...
High
Unreviewed
CVE-2022-27810
was published
Oct 7, 2022
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively...
Moderate
Unreviewed
CVE-2022-31628
was published
Sep 29, 2022
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37...
Moderate
Unreviewed
CVE-2022-28201
was published
Sep 20, 2022
Jettison memory exhaustion
High
CVE-2022-40150
was published
for
org.codehaus.jettison:jettison
(Maven)
Sep 17, 2022
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
Moderate
Unreviewed
CVE-2022-3222
was published
Sep 16, 2022
XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree()...
Moderate
Unreviewed
CVE-2022-38334
was published
Sep 16, 2022
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This...
High
Unreviewed
CVE-2022-3216
was published
Sep 15, 2022
ProTip!
Advisories are also available from the
GraphQL API