GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
golang.org/x/text Infinite loop
Moderate
CVE-2020-14040
was published
for
golang.org/x/text
(Go)
May 18, 2021
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
High
CVE-2021-29482
was published
for
github.com/ulikunitz/xz
(Go)
May 25, 2021
Infinite certificate chain depth results in OctoRPKI running forever
Moderate
CVE-2021-3908
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Denial of Service in docker2aci
Moderate
CVE-2016-8579
was published
for
github.com/appc/docker2aci
(Go)
Feb 15, 2022
Infinite loop in Yubico yubihsm-connector
High
CVE-2021-28484
was published
for
github.com/Yubico/yubihsm-connector
(Go)
Feb 15, 2022
golang.org/x/net/html Infinite Loop vulnerability
High
CVE-2021-33194
was published
for
golang.org/x/net
(Go)
May 24, 2022
Istio vulnerable to denial of service
High
CVE-2019-18817
was published
for
istio.io/istio
(Go)
May 24, 2022
Pion DTLS Header reconstruction method can be thrown into an infinite loop
High
CVE-2022-29190
was published
for
github.com/pion/dtls
(Go)
May 24, 2022
socks Infinite Loop vulnerability
High
CVE-2013-10005
was published
for
github.com/btcsuite/go-socks
(Go)
Dec 28, 2022
OpenFGA vulnerable to denial of service due to circular relationship
Moderate
CVE-2023-35933
was published
for
github.com/openfga/openfga
(Go)
Jun 28, 2023
x/net/html Vulnerable to DoS During HTML Parsing
High
CVE-2018-17846
was published
for
golang.org/x/net
(Go)
Sep 25, 2023
OpenFGA Vulnerable to DoS from circular relationship definitions
Moderate
CVE-2023-43645
was published
for
github.com/openfga/openfga
(Go)
Sep 28, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate
CVE-2024-24786
was published
for
google.golang.org/protobuf
(Go)
Mar 6, 2024
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Low
CVE-2024-45395
was published
for
github.com/sigstore/sigstore-go
(Go)
Sep 4, 2024
Infinite loop in github.com/gomarkdown/markdown
Moderate
CVE-2024-44337
was published
for
github.com/gomarkdown/markdown
(Go)
Oct 15, 2024
ProTip!
Advisories are also available from the
GraphQL API