GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
216 advisories
Filter by severity
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match...
High
Unreviewed
CVE-2019-11413
was published
May 24, 2022
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass:...
Moderate
Unreviewed
CVE-2018-20822
was published
May 24, 2022
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service ...
Moderate
Unreviewed
CVE-2018-20821
was published
May 24, 2022
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of...
Moderate
Unreviewed
CVE-2019-1010182
was published
May 24, 2022
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of...
Moderate
Unreviewed
CVE-2019-1010183
was published
May 24, 2022
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By...
Moderate
Unreviewed
CVE-2019-13955
was published
May 24, 2022
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion,...
Moderate
Unreviewed
CVE-2019-15118
was published
May 24, 2022
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers...
Moderate
Unreviewed
CVE-2019-15144
was published
May 24, 2022
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
Moderate
Unreviewed
CVE-2019-16163
was published
May 24, 2022
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE...
Moderate
Unreviewed
CVE-2019-11779
was published
May 24, 2022
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions...
High
Unreviewed
CVE-2019-13123
was published
May 24, 2022
Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions...
High
Unreviewed
CVE-2019-13124
was published
May 24, 2022
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
High
Unreviewed
CVE-2018-16452
was published
May 24, 2022
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print()...
High
Unreviewed
CVE-2018-16300
was published
May 24, 2022
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as...
Moderate
Unreviewed
CVE-2019-17450
was published
May 24, 2022
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart...
High
Unreviewed
CVE-2018-4002
was published
May 24, 2022
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because...
Moderate
Unreviewed
CVE-2019-18853
was published
May 24, 2022
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types...
Moderate
Unreviewed
CVE-2019-19645
was published
May 24, 2022
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union...
Moderate
Unreviewed
CVE-2019-20395
was published
May 24, 2022
An exploitable denial-of-service vulnerability exists in the resource record-parsing...
Moderate
Unreviewed
CVE-2020-6071
was published
May 24, 2022
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean...
High
Unreviewed
CVE-2020-12243
was published
May 24, 2022
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba...
Moderate
Unreviewed
CVE-2020-10704
was published
May 24, 2022
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c,...
Moderate
Unreviewed
CVE-2020-12825
was published
May 24, 2022
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against...
Moderate
Unreviewed
CVE-2020-10995
was published
May 24, 2022
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack"...
Moderate
Unreviewed
CVE-2020-12662
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API