GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
214 advisories
Filter by severity
Denial of Service in Page Error Handling
Moderate
CVE-2021-21359
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Stack overflow due to looping TFLite subgraph
High
CVE-2021-29591
was published
for
tensorflow
(pip)
May 21, 2021
Stack overflow in `ParseAttrValue` with nested tensors
Low
CVE-2021-29615
was published
for
tensorflow
(pip)
May 21, 2021
Denial of Service in Elasticsearch
Moderate
CVE-2021-22144
was published
for
org.elasticsearch:elasticsearch
(Maven)
Aug 9, 2021
Uncontrolled recursion in rust-yaml
High
CVE-2018-20993
was published
for
yaml-rust
(Rust)
Aug 25, 2021
Uncontrolled recursion in trust-dns-proto
High
CVE-2018-20994
was published
for
trust-dns-proto
(Rust)
Aug 25, 2021
Uncontrolled recursion leads to abort in deserialization
Moderate
GHSA-39vw-qp34-rmwf
was published
for
serde_yaml
(Rust)
Aug 25, 2021
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects...
High
Unreviewed
CVE-2021-42717
was published
Dec 8, 2021
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
High
CVE-2021-45105
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 18, 2021
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust...
Moderate
Unreviewed
CVE-2021-46195
was published
Jan 15, 2022
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently,...
Moderate
Unreviewed
CVE-2022-23889
was published
Jan 29, 2022
Uncontrolled Recursion in Play Framework
High
CVE-2020-26883
was published
for
com.typesafe.play:play
(Maven)
Feb 10, 2022
Data Amplification in Play Framework
High
CVE-2020-26882
was published
for
com.typesafe.play:play
(Maven)
Feb 10, 2022
Logic error in Apache Pinot
High
CVE-2022-23974
was published
for
org.apache.pinot:pinot
(Maven)
Apr 6, 2022
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager,...
High
Unreviewed
CVE-2022-28773
was published
Apr 13, 2022
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a...
Moderate
Unreviewed
CVE-2007-1285
was published
May 1, 2022
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack...
Moderate
Unreviewed
CVE-2019-9071
was published
May 13, 2022
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream:...
High
Unreviewed
CVE-2019-9545
was published
May 13, 2022
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream:...
High
Unreviewed
CVE-2019-9543
was published
May 13, 2022
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could...
Moderate
Unreviewed
CVE-2018-0739
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API