Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

218 advisories

Loading
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a... Moderate Unreviewed
CVE-2020-36691 was published Mar 24, 2023
Jettison vulnerable to infinite recursion High
CVE-2023-1436 was published for org.codehaus.jettison:jettison (Maven) Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass:... Moderate Unreviewed
CVE-2018-20822 was published May 24, 2022
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service ... Moderate Unreviewed
CVE-2018-20821 was published May 24, 2022
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Moderate Unreviewed
CVE-2019-16163 was published May 24, 2022
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as... Moderate Unreviewed
CVE-2019-17450 was published May 24, 2022
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting... Moderate Unreviewed
CVE-2022-37034 was published Feb 2, 2023
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not... High Unreviewed
CVE-2016-9597 was published May 13, 2022
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS... High Unreviewed
CVE-2023-22617 was published Jan 21, 2023
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently,... Moderate Unreviewed
CVE-2022-23889 was published Jan 29, 2022
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust... Moderate Unreviewed
CVE-2021-46195 was published Jan 15, 2022
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c,... Moderate Unreviewed
CVE-2020-12825 was published May 24, 2022
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name... High Unreviewed
CVE-2018-9918 was published May 13, 2022
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream... Moderate Unreviewed
CVE-2018-6544 was published May 13, 2022
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30.... Moderate Unreviewed
CVE-2018-9996 was published May 13, 2022
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary... Moderate Unreviewed
CVE-2018-5759 was published May 13, 2022
In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image... Moderate Unreviewed
CVE-2018-5772 was published May 13, 2022
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a... Moderate Unreviewed
CVE-2018-11597 was published May 13, 2022
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree:... Moderate Unreviewed
CVE-2018-11254 was published May 13, 2022
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc... Moderate Unreviewed
CVE-2018-16426 was published May 13, 2022
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the... High Unreviewed
CVE-2017-9729 was published May 13, 2022
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause... High Unreviewed
CVE-2017-9766 was published May 13, 2022
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in... Moderate Unreviewed
CVE-2017-9616 was published May 13, 2022
It was possible to trigger an infinite recursion condition in the error handler when Hermes... High Unreviewed
CVE-2022-27810 was published Oct 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database