GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,655
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
209 advisories
Filter by severity
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or...
High
Unreviewed
CVE-2024-0211
was published
Jan 3, 2024
msgpackr's conversion of property names to strings can trigger infinite recursion
High
CVE-2023-52079
was published
for
msgpackr
(npm)
Dec 28, 2023
Denial of service caused by infinite recursion when parsing SVG document
Moderate
CVE-2023-50251
was published
for
phenx/php-svg-lib
(Composer)
Dec 13, 2023
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU...
High
Unreviewed
CVE-2022-47374
was published
Dec 12, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push...
Moderate
Unreviewed
CVE-2023-31794
was published
Oct 31, 2023
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or...
High
Unreviewed
CVE-2023-4512
was published
Aug 24, 2023
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
Moderate
Unreviewed
CVE-2022-48545
was published
Aug 22, 2023
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause...
High
Unreviewed
CVE-2020-23804
was published
Aug 22, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion...
Moderate
Unreviewed
CVE-2023-2663
was published
Jul 6, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite...
Moderate
Unreviewed
CVE-2023-2664
was published
Jul 6, 2023
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability,...
High
Unreviewed
CVE-2023-2990
was published
Jun 22, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder
High
CVE-2022-31019
was published
for
github.com/vapor/vapor
(Swift)
Jun 7, 2023
Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of...
High
Unreviewed
CVE-2023-31893
was published
Jun 5, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Moderate
CVE-2021-36154
was published
for
github.com/grpc/grpc-swift
(Swift)
May 22, 2023
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
High
GHSA-5x5q-8cgm-2hjq
was published
for
com.intuit.karate:karate-core
(Maven)
Mar 31, 2023
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO...
High
Unreviewed
CVE-2023-24472
was published
Mar 30, 2023
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a...
Moderate
Unreviewed
CVE-2020-36691
was published
Mar 24, 2023
json-smart Uncontrolled Recursion vulnerabilty
High
CVE-2023-1370
was published
for
net.minidev:json-smart
(Maven)
Mar 23, 2023
Jettison vulnerable to infinite recursion
High
CVE-2023-1436
was published
for
org.codehaus.jettison:jettison
(Maven)
Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption
High
CVE-2021-36395
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting...
Moderate
Unreviewed
CVE-2022-37034
was published
Feb 2, 2023
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS...
High
Unreviewed
CVE-2023-22617
was published
Jan 21, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite...
Moderate
Unreviewed
CVE-2022-47662
was published
Jan 5, 2023
XStream can cause Denial of Service via stack overflow
High
CVE-2022-41966
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 29, 2022
ProTip!
Advisories are also available from the
GraphQL API