Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

212 advisories

Loading
The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. Moderate Unreviewed
CVE-2019-11024 was published May 13, 2022
Apache ORC vulnerable to Uncontrolled Recursion High
CVE-2018-8015 was published for org.apache.orc:orc (Maven) May 13, 2022
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.... Moderate Unreviewed
CVE-2018-18484 was published May 13, 2022
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild... Moderate Unreviewed
CVE-2018-18020 was published May 13, 2022
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An... Moderate Unreviewed
CVE-2018-1158 was published May 13, 2022
EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack... Critical Unreviewed
CVE-2018-1000618 was published May 13, 2022
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS Moderate
CVE-2019-1003011 was published for org.jenkins-ci.plugins:token-macro (Maven) May 13, 2022
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an... High Unreviewed
CVE-2019-0001 was published May 13, 2022
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion... High Unreviewed
CVE-2017-11164 was published May 13, 2022
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of... High Unreviewed
CVE-2017-9438 was published May 13, 2022
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1... High Unreviewed
CVE-2018-6003 was published May 13, 2022
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption... Moderate Unreviewed
CVE-2019-9904 was published May 13, 2022
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could... Moderate Unreviewed
CVE-2018-0739 was published May 13, 2022
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream:... High Unreviewed
CVE-2019-9545 was published May 13, 2022
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream:... High Unreviewed
CVE-2019-9543 was published May 13, 2022
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack... Moderate Unreviewed
CVE-2019-9071 was published May 13, 2022
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a... Moderate Unreviewed
CVE-2007-1285 was published May 1, 2022
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager,... High Unreviewed
CVE-2022-28773 was published Apr 13, 2022
Logic error in Apache Pinot High
CVE-2022-23974 was published for org.apache.pinot:pinot (Maven) Apr 6, 2022
Data Amplification in Play Framework High
CVE-2020-26882 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Uncontrolled Recursion in Play Framework High
CVE-2020-26883 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Stack overflow in TensorFlow High
CVE-2022-23591 was published for tensorflow (pip) Feb 9, 2022
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently,... Moderate Unreviewed
CVE-2022-23889 was published Jan 29, 2022
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust... Moderate Unreviewed
CVE-2021-46195 was published Jan 15, 2022
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion High
CVE-2021-45105 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2021
chrisbloom7 levinebw
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database