GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
552 advisories
Infinite Loop in jsonparser
High: CVE-2020-10675 was published for github.com/buger/jsonparser (Go), May 18, 2021

Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
Moderate: CVE-2021-29510 was published for pydantic (pip), May 13, 2021

Infinite loop in Apache Tika
Moderate: CVE-2021-28657 was published for org.apache.tika:tika (Maven), May 10, 2021

Infinite Loop in Apache Tika
Moderate: CVE-2020-1951 was published for org.apache.tika:tika (Maven), May 7, 2021

Missing Release of Memory after Effective Lifetime in Apache Tika
Moderate: CVE-2020-9489 was published for org.apache.tika:tika (Maven), May 7, 2021

cumulative-distribution-function Infinite Loop vulnerability
High: CVE-2021-29486 was published for cumulative-distribution-function (npm), May 4, 2021

XStream can cause a Denial of Service.
High: CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven), Mar 22, 2021

Denial of Service in Apache POI
High: CVE-2017-12626 was published for org.apache.poi:poi (Maven), Jan 14, 2021

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
High: CVE-2020-7595 was published for nokogiri (RubyGems), Feb 24, 2020

Uncontrolled resource consumption in validators Python package
High: CVE-2019-19588 was published for validators (pip), Jan 21, 2020

Denial of Service in Apache Commons Compress
High: CVE-2019-12402 was published for io.github.1tchy.java9modular.org.apache.commons:commons-compress (Maven), Oct 11, 2019

Infinite Loop in Apache Sanselan
High: CVE-2018-17202 was published for org.apache.sanselan:sanselan (Maven), May 14, 2019

Apache Commons Compress vulnerable to denial of service due to infinite loop
Moderate: CVE-2018-1324 was published for com.liferay:com.liferay.portal.tools.bundle.support (Maven), Mar 14, 2019

Pylons Colander Denial of Service vulnerability
High: CVE-2017-18361 was published for colander (pip), Feb 7, 2019

Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
Moderate: CVE-2018-17197 was published for org.apache.tika:tika-parsers (Maven), Dec 26, 2018

Moderate severity vulnerability that affects io.undertow:undertow-core
Moderate: CVE-2017-2670 was published for io.undertow:undertow-core (Maven), Oct 19, 2018

Moderate severity vulnerability that affects org.apache.commons:commons-compress
Moderate: CVE-2018-11771 was published for org.apache.commons:commons-compress (Maven), Oct 19, 2018

Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate: CVE-2018-10912 was published for org.keycloak:keycloak-core (Maven), Oct 18, 2018

Keycloak vulnerable to infinite loop based Denial of Service
High: CVE-2017-2646 was published for org.keycloak:keycloak-core (Maven), Oct 18, 2018

In Apache Tomcat there is an improper handling of overflow in the UTF-8 decoder
High: CVE-2018-1336 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Oct 17, 2018

Moderate severity vulnerability that affects org.apache.tika:tika-core
Moderate: CVE-2018-1338 was published for org.apache.tika:tika-core (Maven), Oct 17, 2018

Comparison error in org.apache.tika:tika-core
Moderate: CVE-2018-8017 was published for org.apache.tika:tika-core (Maven), Oct 17, 2018

org.apache.tika:tika-parsers has an Infinite Loop vulnerability
Moderate: CVE-2018-1339 was published for org.apache.tika:tika-parsers (Maven), Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API.