GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Denial of Service in Page Error Handling
Moderate
CVE-2021-21359
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Denial of Service in Elasticsearch
Moderate
CVE-2021-22144
was published
for
org.elasticsearch:elasticsearch
(Maven)
Aug 9, 2021
Uncontrolled recursion leads to abort in deserialization
Moderate
GHSA-39vw-qp34-rmwf
was published
for
serde_yaml
(Rust)
Aug 25, 2021
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
Moderate
CVE-2019-1003011
was published
for
org.jenkins-ci.plugins:token-macro
(Maven)
May 13, 2022
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
Moderate
CVE-2021-31525
was published
for
golang.org/x/net
(Go)
May 24, 2022
HAProxyMessageDecoder Stack Exhaustion DoS
Moderate
CVE-2022-41881
was published
for
io.netty:netty-codec-haproxy
(Maven)
Dec 12, 2022
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Moderate
CVE-2022-23500
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Moderate
CVE-2021-36154
was published
for
github.com/grpc/grpc-swift
(Swift)
May 22, 2023
Denial of service caused by infinite recursion when parsing SVG document
Moderate
CVE-2023-50251
was published
for
phenx/php-svg-lib
(Composer)
Dec 13, 2023
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
KaTeX's maxExpand bypassed by `\edef`
Moderate
CVE-2024-28243
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API