GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix lock recursion
...
Moderate
Unreviewed
CVE-2024-53090
was published
Nov 21, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
Denial of Service condition in Next.js image optimization
Moderate
CVE-2024-47831
was published
for
next
(npm)
Oct 14, 2024
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix recursive -...
Moderate
Unreviewed
CVE-2024-44996
was published
Sep 4, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain
(pip)
Jun 6, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by `\edef`
Moderate
CVE-2024-28243
was published
for
katex
(npm)
Mar 25, 2024
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker...
Moderate
Unreviewed
CVE-2024-1899
was published
Feb 26, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
Denial of service caused by infinite recursion when parsing SVG document
Moderate
CVE-2023-50251
was published
for
phenx/php-svg-lib
(Composer)
Dec 13, 2023
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push...
Moderate
Unreviewed
CVE-2023-31794
was published
Oct 31, 2023
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
Moderate
Unreviewed
CVE-2022-48545
was published
Aug 22, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion...
Moderate
Unreviewed
CVE-2023-2663
was published
Jul 6, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite...
Moderate
Unreviewed
CVE-2023-2664
was published
Jul 6, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Moderate
CVE-2021-36154
was published
for
github.com/grpc/grpc-swift
(Swift)
May 22, 2023
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a...
Moderate
Unreviewed
CVE-2020-36691
was published
Mar 24, 2023
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting...
Moderate
Unreviewed
CVE-2022-37034
was published
Feb 2, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite...
Moderate
Unreviewed
CVE-2022-47662
was published
Jan 5, 2023
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate
CVE-2022-23500
was published
for
typo3/cms
(Composer)
Dec 13, 2022
HAProxyMessageDecoder Stack Exhaustion DoS
Moderate
CVE-2022-41881
was published
for
io.netty:netty-codec-haproxy
(Maven)
Dec 12, 2022
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for...
Moderate
Unreviewed
CVE-2022-42321
was published
Nov 1, 2022
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively...
Moderate
Unreviewed
CVE-2022-31628
was published
Sep 29, 2022
ProTip!
Advisories are also available from the
GraphQL API