GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Logic error in Apache Pinot
High
CVE-2022-23974
was published
for
org.apache.pinot:pinot
(Maven)
Apr 6, 2022
Improper path handling in Kustomization files allows for denial of service
High
CVE-2022-24878
was published
for
github.com/fluxcd/flux2
(Go)
May 20, 2022
Uncontrolled Recursion in Akka HTTP
High
CVE-2021-42697
was published
for
com.typesafe.akka:akka-http
(Maven)
May 24, 2022
vm2 before 3.6.11 vulnerable to sandbox escape
High
CVE-2019-10761
was published
for
vm2
(npm)
Jul 14, 2022
Apache ORC vulnerable to Uncontrolled Recursion
High
CVE-2018-8015
was published
for
org.apache.orc:orc
(Maven)
May 13, 2022
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
High
CVE-2021-45105
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 18, 2021
Uncontrolled Recursion in Play Framework
High
CVE-2020-26883
was published
for
com.typesafe.play:play
(Maven)
Feb 10, 2022
Data Amplification in Play Framework
High
CVE-2020-26882
was published
for
com.typesafe.play:play
(Maven)
Feb 10, 2022
Moodle vulnerable to Uncontrolled Resource Consumption
High
CVE-2021-36395
was published
for
moodle/moodle
(Composer)
Mar 6, 2023
Jettison vulnerable to infinite recursion
High
CVE-2023-1436
was published
for
org.codehaus.jettison:jettison
(Maven)
Mar 22, 2023
Uncontrolled recursion in rust-yaml
High
CVE-2018-20993
was published
for
yaml-rust
(Rust)
Aug 25, 2021
Uncontrolled recursion in trust-dns-proto
High
CVE-2018-20994
was published
for
trust-dns-proto
(Rust)
Aug 25, 2021
XStream can cause Denial of Service via stack overflow
High
CVE-2022-41966
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 29, 2022
Vapor vulnerable to denial of service in URLEncodedFormDecoder
High
CVE-2022-31019
was published
for
github.com/vapor/vapor
(Swift)
Jun 7, 2023
Routinator infinite loop vulnerability
High
CVE-2021-43172
was published
for
routinator
(Rust)
May 24, 2022
Jettison memory exhaustion
High
CVE-2022-40150
was published
for
org.codehaus.jettison:jettison
(Maven)
Sep 17, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
graphql-go has infinite recursion in the type definition parser
High
CVE-2022-37315
was published
for
github.com/graphql-go/graphql
(Go)
Aug 2, 2022
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
msgpackr's conversion of property names to strings can trigger infinite recursion
High
CVE-2023-52079
was published
for
msgpackr
(npm)
Dec 28, 2023
orjson does not limit recursion for deeply nested JSON documents
High
CVE-2024-27454
was published
for
orjson
(pip)
Feb 26, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
High
GHSA-62qf-jcq8-8gxw
was published
for
sqlparse
(pip)
Apr 30, 2024
•
withdrawn
sqlparse parsing heavily nested list leads to Denial of Service
High
CVE-2024-4340
was published
for
sqlparse
(pip)
Apr 15, 2024
ProTip!
Advisories are also available from the
GraphQL API