GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
197 advisories
Filter by severity
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial...
Moderate
Unreviewed
CVE-2021-3997
was published
Aug 24, 2022
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of...
High
Unreviewed
CVE-2022-23460
was published
Aug 20, 2022
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30632
was published
Aug 11, 2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows...
High
Unreviewed
CVE-2022-30635
was published
Aug 11, 2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30631
was published
Aug 11, 2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30633
was published
Aug 11, 2022
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to...
High
Unreviewed
CVE-2022-30630
was published
Aug 11, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-28131
was published
Aug 11, 2022
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow...
Moderate
Unreviewed
CVE-2022-1962
was published
Aug 11, 2022
graphql-go has infinite recursion in the type definition parser
High
CVE-2022-37315
was published
for
github.com/graphql-go/graphql
(Go)
Aug 2, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
vm2 before 3.6.11 vulnerable to sandbox escape
High
CVE-2019-10761
was published
for
vm2
(npm)
Jul 14, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Moderate
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for...
Moderate
Unreviewed
CVE-2019-18854
was published
May 24, 2022
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could...
High
Unreviewed
CVE-2019-12295
was published
May 24, 2022
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp...
Moderate
Unreviewed
CVE-2019-12213
was published
May 24, 2022
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3...
High
Unreviewed
CVE-2021-39929
was published
May 24, 2022
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform...
Moderate
Unreviewed
CVE-2021-43519
was published
May 24, 2022
Routinator infinite loop vulnerability
High
CVE-2021-43172
was published
for
routinator
(Rust)
May 24, 2022
Uncontrolled Recursion in Akka HTTP
High
CVE-2021-42697
was published
for
com.typesafe.akka:akka-http
(Maven)
May 24, 2022
A component of the HarmonyOS has a External Control of System or Configuration Setting...
Moderate
Unreviewed
CVE-2021-22454
was published
May 24, 2022
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call...
Moderate
Unreviewed
CVE-2021-39257
was published
May 24, 2022
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers...
Moderate
Unreviewed
CVE-2020-18898
was published
May 24, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption...
High
Unreviewed
CVE-2021-38569
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API