GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
209 advisories
Filter by severity
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate
CVE-2022-23500
was published
for
typo3/cms
(Composer)
Dec 13, 2022
HAProxyMessageDecoder Stack Exhaustion DoS
Moderate
CVE-2022-41881
was published
for
io.netty:netty-codec-haproxy
(Maven)
Dec 12, 2022
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue)...
High
Unreviewed
CVE-2022-46405
was published
Dec 4, 2022
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for...
Moderate
Unreviewed
CVE-2022-42321
was published
Nov 1, 2022
It was possible to trigger an infinite recursion condition in the error handler when Hermes...
High
Unreviewed
CVE-2022-27810
was published
Oct 7, 2022
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively...
Moderate
Unreviewed
CVE-2022-31628
was published
Sep 29, 2022
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37...
Moderate
Unreviewed
CVE-2022-28201
was published
Sep 20, 2022
Jettison memory exhaustion
High
CVE-2022-40150
was published
for
org.codehaus.jettison:jettison
(Maven)
Sep 17, 2022
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
Moderate
Unreviewed
CVE-2022-3222
was published
Sep 16, 2022
XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree()...
Moderate
Unreviewed
CVE-2022-38334
was published
Sep 16, 2022
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This...
High
Unreviewed
CVE-2022-3216
was published
Sep 15, 2022
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial...
Moderate
Unreviewed
CVE-2021-3997
was published
Aug 24, 2022
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of...
High
Unreviewed
CVE-2022-23460
was published
Aug 20, 2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30631
was published
Aug 11, 2022
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30632
was published
Aug 11, 2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30633
was published
Aug 11, 2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows...
High
Unreviewed
CVE-2022-30635
was published
Aug 11, 2022
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to...
High
Unreviewed
CVE-2022-30630
was published
Aug 11, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-28131
was published
Aug 11, 2022
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow...
Moderate
Unreviewed
CVE-2022-1962
was published
Aug 11, 2022
graphql-go has infinite recursion in the type definition parser
High
CVE-2022-37315
was published
for
github.com/graphql-go/graphql
(Go)
Aug 2, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
vm2 before 3.6.11 vulnerable to sandbox escape
High
CVE-2019-10761
was published
for
vm2
(npm)
Jul 14, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
ProTip!
Advisories are also available from the
GraphQL API