GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
json-smart Uncontrolled Recursion vulnerabilty
High
CVE-2023-1370
was published
for
net.minidev:json-smart
(Maven)
Mar 23, 2023
Jettison vulnerable to infinite recursion
High
CVE-2023-1436
was published
for
org.codehaus.jettison:jettison
(Maven)
Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption
High
CVE-2021-36395
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS...
High
Unreviewed
CVE-2023-22617
was published
Jan 21, 2023
XStream can cause Denial of Service via stack overflow
High
CVE-2022-41966
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 29, 2022
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue)...
High
Unreviewed
CVE-2022-46405
was published
Dec 4, 2022
It was possible to trigger an infinite recursion condition in the error handler when Hermes...
High
Unreviewed
CVE-2022-27810
was published
Oct 7, 2022
Jettison memory exhaustion
High
CVE-2022-40150
was published
for
org.codehaus.jettison:jettison
(Maven)
Sep 17, 2022
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This...
High
Unreviewed
CVE-2022-3216
was published
Sep 15, 2022
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of...
High
Unreviewed
CVE-2022-23460
was published
Aug 20, 2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30631
was published
Aug 11, 2022
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30632
was published
Aug 11, 2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows...
High
Unreviewed
CVE-2022-30635
was published
Aug 11, 2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-30633
was published
Aug 11, 2022
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to...
High
Unreviewed
CVE-2022-30630
was published
Aug 11, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an...
High
Unreviewed
CVE-2022-28131
was published
Aug 11, 2022
graphql-go has infinite recursion in the type definition parser
High
CVE-2022-37315
was published
for
github.com/graphql-go/graphql
(Go)
Aug 2, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
vm2 before 3.6.11 vulnerable to sandbox escape
High
CVE-2019-10761
was published
for
vm2
(npm)
Jul 14, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
High
CVE-2022-31052
was published
for
matrix-synapse
(pip)
Jun 29, 2022
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could...
High
Unreviewed
CVE-2019-12295
was published
May 24, 2022
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3...
High
Unreviewed
CVE-2021-39929
was published
May 24, 2022
Routinator infinite loop vulnerability
High
CVE-2021-43172
was published
for
routinator
(Rust)
May 24, 2022
Uncontrolled Recursion in Akka HTTP
High
CVE-2021-42697
was published
for
com.typesafe.akka:akka-http
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API