Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

212 advisories

Loading
Uncontrolled Recursion in SurrealQL Parsing Moderate
GHSA-6r8p-hpg7-825g was published for surrealdb (Rust) Jan 18, 2024
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or... High Unreviewed
CVE-2024-0210 was published Jan 3, 2024
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or... High Unreviewed
CVE-2024-0211 was published Jan 3, 2024
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of... High Unreviewed
CVE-2024-0208 was published Jan 3, 2024
msgpackr's conversion of property names to strings can trigger infinite recursion High
CVE-2023-52079 was published for msgpackr (npm) Dec 28, 2023
o5k
Denial of service caused by infinite recursion when parsing SVG document Moderate
CVE-2023-50251 was published for phenx/php-svg-lib (Composer) Dec 13, 2023
cod3beat
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU... High Unreviewed
CVE-2022-47374 was published Dec 12, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack High
CVE-2023-47163 was published for remarshal (pip) Nov 13, 2023
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push... Moderate Unreviewed
CVE-2023-31794 was published Oct 31, 2023
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or... High Unreviewed
CVE-2023-4512 was published Aug 24, 2023
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. Moderate Unreviewed
CVE-2022-48545 was published Aug 22, 2023
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause... High Unreviewed
CVE-2020-23804 was published Aug 22, 2023
 In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion... Moderate Unreviewed
CVE-2023-2663 was published Jul 6, 2023
 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite... Moderate Unreviewed
CVE-2023-2664 was published Jul 6, 2023
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability,... High Unreviewed
CVE-2023-2990 was published Jun 22, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of... High Unreviewed
CVE-2023-31893 was published Jun 5, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec Moderate
CVE-2021-36154 was published for github.com/grpc/grpc-swift (Swift) May 22, 2023
Karate has vulnerable dependency on json-smart package (CVE-2023-1370) High
GHSA-5x5q-8cgm-2hjq was published for com.intuit.karate:karate-core (Maven) Mar 31, 2023
kdefives
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO... High Unreviewed
CVE-2023-24472 was published Mar 30, 2023
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a... Moderate Unreviewed
CVE-2020-36691 was published Mar 24, 2023
json-smart Uncontrolled Recursion vulnerabilty High
CVE-2023-1370 was published for net.minidev:json-smart (Maven) Mar 23, 2023
Jettison vulnerable to infinite recursion High
CVE-2023-1436 was published for org.codehaus.jettison:jettison (Maven) Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting... Moderate Unreviewed
CVE-2022-37034 was published Feb 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database