GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Denial of Service in Page Error Handling
Moderate
CVE-2021-21359
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Stack overflow due to looping TFLite subgraph
High
CVE-2021-29591
was published
for
tensorflow
(pip)
May 21, 2021
Stack overflow in `ParseAttrValue` with nested tensors
Low
CVE-2021-29615
was published
for
tensorflow
(pip)
May 21, 2021
Denial of Service in Elasticsearch
Moderate
CVE-2021-22144
was published
for
org.elasticsearch:elasticsearch
(Maven)
Aug 9, 2021
Uncontrolled recursion in rust-yaml
High
CVE-2018-20993
was published
for
yaml-rust
(Rust)
Aug 25, 2021
Uncontrolled recursion in trust-dns-proto
High
CVE-2018-20994
was published
for
trust-dns-proto
(Rust)
Aug 25, 2021
Uncontrolled recursion leads to abort in deserialization
Moderate
GHSA-39vw-qp34-rmwf
was published
for
serde_yaml
(Rust)
Aug 25, 2021
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
High
CVE-2021-45105
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 18, 2021
Uncontrolled Recursion in Play Framework
High
CVE-2020-26883
was published
for
com.typesafe.play:play
(Maven)
Feb 10, 2022
Data Amplification in Play Framework
High
CVE-2020-26882
was published
for
com.typesafe.play:play
(Maven)
Feb 10, 2022
Logic error in Apache Pinot
High
CVE-2022-23974
was published
for
org.apache.pinot:pinot
(Maven)
Apr 6, 2022
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
Moderate
CVE-2019-1003011
was published
for
org.jenkins-ci.plugins:token-macro
(Maven)
May 13, 2022
Apache ORC vulnerable to Uncontrolled Recursion
High
CVE-2018-8015
was published
for
org.apache.orc:orc
(Maven)
May 13, 2022
Improper path handling in Kustomization files allows for denial of service
High
CVE-2022-24878
was published
for
github.com/fluxcd/flux2
(Go)
May 20, 2022
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
Moderate
CVE-2021-31525
was published
for
golang.org/x/net
(Go)
May 24, 2022
Uncontrolled Recursion in Akka HTTP
High
CVE-2021-42697
was published
for
com.typesafe.akka:akka-http
(Maven)
May 24, 2022
Routinator infinite loop vulnerability
High
CVE-2021-43172
was published
for
routinator
(Rust)
May 24, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
vm2 before 3.6.11 vulnerable to sandbox escape
High
CVE-2019-10761
was published
for
vm2
(npm)
Jul 14, 2022
ProTip!
Advisories are also available from the
GraphQL API