Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

84 advisories

Loading
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),... Moderate Unreviewed
CVE-2021-30470 was published May 24, 2022
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device... Moderate Unreviewed
CVE-2021-20255 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model... Moderate Unreviewed
CVE-2020-29566 was published May 24, 2022
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x... Moderate Unreviewed
CVE-2020-28242 was published May 24, 2022
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger... Moderate Unreviewed
CVE-2020-25219 was published May 24, 2022
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote... Moderate Unreviewed
CVE-2020-12100 was published May 24, 2022
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger... Moderate Unreviewed
CVE-2020-16094 was published May 24, 2022
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via... Moderate Unreviewed
CVE-2020-13800 was published May 24, 2022
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack"... Moderate Unreviewed
CVE-2020-12662 was published May 24, 2022
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against... Moderate Unreviewed
CVE-2020-10995 was published May 24, 2022
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c,... Moderate Unreviewed
CVE-2020-12825 was published May 24, 2022
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba... Moderate Unreviewed
CVE-2020-10704 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the resource record-parsing... Moderate Unreviewed
CVE-2020-6071 was published May 24, 2022
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union... Moderate Unreviewed
CVE-2019-20395 was published May 24, 2022
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types... Moderate Unreviewed
CVE-2019-19645 was published May 24, 2022
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because... Moderate Unreviewed
CVE-2019-18853 was published May 24, 2022
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as... Moderate Unreviewed
CVE-2019-17450 was published May 24, 2022
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE... Moderate Unreviewed
CVE-2019-11779 was published May 24, 2022
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Moderate Unreviewed
CVE-2019-16163 was published May 24, 2022
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers... Moderate Unreviewed
CVE-2019-15144 was published May 24, 2022
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion,... Moderate Unreviewed
CVE-2019-15118 was published May 24, 2022
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By... Moderate Unreviewed
CVE-2019-13955 was published May 24, 2022
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of... Moderate Unreviewed
CVE-2019-1010182 was published May 24, 2022
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of... Moderate Unreviewed
CVE-2019-1010183 was published May 24, 2022
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass:... Moderate Unreviewed
CVE-2018-20822 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API