GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
104 advisories
Filter by severity
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Moderate
GHSA-pqhp-25j4-6hq9
was published
for
smol-toml
(npm)
Nov 22, 2024
Denial of Service condition in Next.js image optimization
Moderate
CVE-2024-47831
was published
for
next
(npm)
Oct 14, 2024
Denial of service in langchain-community
Moderate
CVE-2024-2965
was published
for
langchain
(pip)
Jun 6, 2024
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
CVE-2024-25112
was published
for
exiv2
(pip)
Oct 17, 2024
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix recursive -...
Moderate
Unreviewed
CVE-2024-44996
was published
Sep 4, 2024
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in...
Moderate
Unreviewed
CVE-2019-6131
was published
May 13, 2022
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x...
Moderate
Unreviewed
CVE-2020-28242
was published
May 24, 2022
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker...
Moderate
Unreviewed
CVE-2024-1899
was published
Feb 26, 2024
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
Moderate
CVE-2021-31525
was published
for
golang.org/x/net
(Go)
May 24, 2022
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers...
Moderate
Unreviewed
CVE-2019-15144
was published
May 24, 2022
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
Moderate
Unreviewed
CVE-2022-48545
was published
Aug 22, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite...
Moderate
Unreviewed
CVE-2023-2664
was published
Jul 6, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion...
Moderate
Unreviewed
CVE-2023-2663
was published
Jul 6, 2023
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types...
Moderate
Unreviewed
CVE-2019-19645
was published
May 24, 2022
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By...
Moderate
Unreviewed
CVE-2019-13955
was published
May 24, 2022
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of...
Moderate
Unreviewed
CVE-2019-1010182
was published
May 24, 2022
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of...
Moderate
Unreviewed
CVE-2019-1010183
was published
May 24, 2022
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by `\edef`
Moderate
CVE-2024-28243
was published
for
katex
(npm)
Mar 25, 2024
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for...
Moderate
Unreviewed
CVE-2022-42321
was published
Nov 1, 2022
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a...
Moderate
Unreviewed
CVE-2007-1285
was published
May 1, 2022
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion,...
Moderate
Unreviewed
CVE-2019-15118
was published
May 24, 2022
Denial of Service in Page Error Handling
Moderate
CVE-2021-21359
was published
for
typo3/cms
(Composer)
Mar 23, 2021
ProTip!
Advisories are also available from the
GraphQL API