GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
214 advisories
Filter by severity
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker...
Moderate
Unreviewed
CVE-2024-1899
was published
Feb 26, 2024
orjson does not limit recursion for deeply nested JSON documents
High
CVE-2024-27454
was published
for
orjson
(pip)
Feb 26, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of...
High
Unreviewed
CVE-2024-0208
was published
Jan 3, 2024
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or...
High
Unreviewed
CVE-2024-0210
was published
Jan 3, 2024
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or...
High
Unreviewed
CVE-2024-0211
was published
Jan 3, 2024
msgpackr's conversion of property names to strings can trigger infinite recursion
High
CVE-2023-52079
was published
for
msgpackr
(npm)
Dec 28, 2023
Denial of service caused by infinite recursion when parsing SVG document
Moderate
CVE-2023-50251
was published
for
phenx/php-svg-lib
(Composer)
Dec 13, 2023
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU...
High
Unreviewed
CVE-2022-47374
was published
Dec 12, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High
CVE-2023-47163
was published
for
remarshal
(pip)
Nov 13, 2023
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push...
Moderate
Unreviewed
CVE-2023-31794
was published
Oct 31, 2023
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or...
High
Unreviewed
CVE-2023-4512
was published
Aug 24, 2023
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
Moderate
Unreviewed
CVE-2022-48545
was published
Aug 22, 2023
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause...
High
Unreviewed
CVE-2020-23804
was published
Aug 22, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite...
Moderate
Unreviewed
CVE-2023-2664
was published
Jul 6, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion...
Moderate
Unreviewed
CVE-2023-2663
was published
Jul 6, 2023
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability,...
High
Unreviewed
CVE-2023-2990
was published
Jun 22, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder
High
CVE-2022-31019
was published
for
github.com/vapor/vapor
(Swift)
Jun 7, 2023
Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of...
High
Unreviewed
CVE-2023-31893
was published
Jun 5, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Moderate
CVE-2021-36154
was published
for
github.com/grpc/grpc-swift
(Swift)
May 22, 2023
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
High
GHSA-5x5q-8cgm-2hjq
was published
for
com.intuit.karate:karate-core
(Maven)
Mar 31, 2023
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO...
High
Unreviewed
CVE-2023-24472
was published
Mar 30, 2023
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a...
Moderate
Unreviewed
CVE-2020-36691
was published
Mar 24, 2023
json-smart Uncontrolled Recursion vulnerabilty
High
CVE-2023-1370
was published
for
net.minidev:json-smart
(Maven)
Mar 23, 2023
Jettison vulnerable to infinite recursion
High
CVE-2023-1436
was published
for
org.codehaus.jettison:jettison
(Maven)
Mar 22, 2023
ProTip!
Advisories are also available from the
GraphQL API