GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
Liferay Portal denial-of-service vulnerability
Moderate
CVE-2024-25144
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Pylons Colander Denial of Service vulnerability
High
CVE-2017-18361
was published
for
colander
(pip)
Feb 7, 2019
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Low
CVE-2024-45395
was published
for
github.com/sigstore/sigstore-go
(Go)
Sep 4, 2024
Stack overflow due to looping TFLite subgraph
High
CVE-2021-29591
was published
for
tensorflow
(pip)
May 21, 2021
Soot Infinite Loop vulnerability
High
CVE-2023-46442
was published
for
org.soot-oss:soot
(Maven)
May 24, 2024
Low severity (DoS) vulnerability in sequoia-openpgp
Low
GHSA-9344-p847-qm5c
was published
for
sequoia-openpgp
(Rust)
Jun 26, 2024
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
High
CVE-2022-0778
was published
for
openssl-src
(Rust)
Mar 16, 2022
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate
CVE-2024-24786
was published
for
google.golang.org/protobuf
(Go)
Mar 6, 2024
Moderate severity vulnerability that affects org.apache.commons:commons-compress
Moderate
CVE-2018-11771
was published
for
org.apache.commons:commons-compress
(Maven)
Oct 19, 2018
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
High
CVE-2021-29482
was published
for
github.com/ulikunitz/xz
(Go)
May 25, 2021
Denial of Service Vulnerability in Rustls Library
High
CVE-2024-32650
was published
for
rustls
(Rust)
Apr 19, 2024
golang.org/x/net/html Infinite Loop vulnerability
High
CVE-2021-33194
was published
for
golang.org/x/net
(Go)
May 24, 2022
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
x/net/html Vulnerable to DoS During HTML Parsing
High
CVE-2018-17846
was published
for
golang.org/x/net
(Go)
Sep 25, 2023
golang.org/x/text Infinite loop
Moderate
CVE-2020-14040
was published
for
golang.org/x/text
(Go)
May 18, 2021
Loop with Unreachable Exit Condition in Apache CXF
Moderate
CVE-2014-3584
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
Undertow denial of service vulnerability
High
CVE-2023-1108
was published
for
io.undertow:undertow-core
(Maven)
Sep 14, 2023
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
High
CVE-2024-30251
was published
for
aiohttp
(pip)
May 3, 2024
ProTip!
Advisories are also available from the
GraphQL API