GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
101 advisories
Filter by severity
Logic error in Apache Pinot
High
CVE-2022-23974
was published
for
org.apache.pinot:pinot
(Maven)
Apr 6, 2022
Improper path handling in Kustomization files allows for denial of service
High
CVE-2022-24878
was published
for
github.com/fluxcd/flux2
(Go)
May 20, 2022
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed...
High
Unreviewed
CVE-2021-3530
was published
May 24, 2022
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter...
High
Unreviewed
CVE-2021-36773
was published
May 24, 2022
Uncontrolled Recursion in Akka HTTP
High
CVE-2021-42697
was published
for
com.typesafe.akka:akka-http
(Maven)
May 24, 2022
vm2 before 3.6.11 vulnerable to sandbox escape
High
CVE-2019-10761
was published
for
vm2
(npm)
Jul 14, 2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30631
was published
Aug 11, 2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows...
High
Unreviewed
CVE-2022-30635
was published
Aug 11, 2022
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30632
was published
Aug 11, 2022
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to...
High
Unreviewed
CVE-2022-30630
was published
Aug 11, 2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30633
was published
Aug 11, 2022
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match...
High
Unreviewed
CVE-2019-11413
was published
May 24, 2022
Apache ORC vulnerable to Uncontrolled Recursion
High
CVE-2018-8015
was published
for
org.apache.orc:orc
(Maven)
May 13, 2022
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart...
High
Unreviewed
CVE-2018-4002
was published
May 24, 2022
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and...
High
Unreviewed
CVE-2021-27434
was published
May 24, 2022
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via...
High
Unreviewed
CVE-2020-28196
was published
May 24, 2022
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a...
High
Unreviewed
CVE-2020-1898
was published
May 24, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-28131
was published
Aug 11, 2022
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c...
High
Unreviewed
CVE-2021-28040
was published
May 24, 2022
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function...
High
Unreviewed
CVE-2021-28903
was published
May 24, 2022
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are...
High
Unreviewed
CVE-2021-27432
was published
May 24, 2022
An unlimited recursion in DxeCore in EDK II.
High
Unreviewed
CVE-2021-28210
was published
May 24, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption...
High
Unreviewed
CVE-2021-38569
was published
May 24, 2022
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
High
CVE-2021-45105
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 18, 2021
ProTip!
Advisories are also available from the
GraphQL API