Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

565 advisories

Loading
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression High
CVE-2022-3252 was published for github.com/apple/swift-nio-extras (Swift) Jun 7, 2023
vojtarylko
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some... High Unreviewed
CVE-2022-44617 was published Feb 7, 2023
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an... Moderate Unreviewed
CVE-2019-3560 was published May 24, 2022
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of... Moderate Unreviewed
CVE-2021-3468 was published May 24, 2022
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively... Moderate Unreviewed
CVE-2022-31628 was published Sep 29, 2022
StackStorm st2 Infinite Loop Condition High
CVE-2021-28667 was published for st2client (pip) May 24, 2022 withdrawn
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote... Moderate Unreviewed
CVE-2004-0753 was published Apr 29, 2022
Rack vulnerable to REDoS Moderate
CVE-2012-6109 was published for rack (RubyGems) Oct 24, 2017
Pion DTLS Header reconstruction method can be thrown into an infinite loop High
CVE-2022-29190 was published for github.com/pion/dtls (Go) May 24, 2022
Improper Check for filenames with overly long extensions in PostMaster (sending in email) or... Moderate Unreviewed
CVE-2019-18180 was published May 24, 2022
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process... Low Unreviewed
CVE-2015-6815 was published May 24, 2022
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser Moderate
CVE-2018-17197 was published for org.apache.tika:tika-parsers (Maven) Dec 26, 2018
Infinite certificate chain depth results in OctoRPKI running forever Moderate
CVE-2021-3908 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
andrewpollock
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the... High Unreviewed
CVE-2022-46285 was published Feb 7, 2023
Denial of Service in Apache Commons Compress High
CVE-2019-12402 was published for io.github.1tchy.java9modular.org.apache.commons:commons-compress (Maven) Oct 11, 2019
Istio vulnerable to denial of service High
CVE-2019-18817 was published for istio.io/istio (Go) May 24, 2022
Loop with Unreachable Exit Condition in Netty High
CVE-2016-4970 was published for io.netty:netty-handler (Maven) May 13, 2022
sharonbz
PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects Moderate
CVE-2023-36807 was published for PyPDF2 (pip) Jun 30, 2023
MartinThoma
OpenFGA vulnerable to denial of service due to circular relationship Moderate
CVE-2023-35933 was published for github.com/openfga/openfga (Go) Jun 28, 2023
A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up... Low Unreviewed
CVE-2015-10103 was published Apr 17, 2023
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications... Moderate Unreviewed
CVE-2023-20116 was published Jun 28, 2023
asyncua vulnerable to denial of service via infinite loop High
CVE-2023-26151 was published for asyncua (pip) Oct 3, 2023
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply... High Unreviewed
CVE-2022-23098 was published Feb 10, 2022
Invalid handling of `X509_verify_cert()` internal errors in libssl High
CVE-2021-4044 was published for openssl-src (Rust) Dec 15, 2021
pinkforest
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database