GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Keycloak vulnerable to infinite loop based Denial of Service
High
CVE-2017-2646
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Infinite loop causing Denial of Service in colors
High
GHSA-5rqg-jm4f-cqx7
was published
for
Colors
(npm)
Jan 10, 2022
Infinite loop in .Net Bond
High
CVE-2020-1469
was published
for
Bond.Core.CSharp
(NuGet)
Apr 8, 2022
Excessive Iteration in Compress
High
CVE-2021-35515
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Uncaught Exception in jsoup
High
CVE-2021-37714
was published
for
org.jsoup:jsoup
(Maven)
Aug 23, 2021
Loop with Unreachable Exit Condition in Apache Thrift
High
CVE-2019-0205
was published
for
org.apache.thrift:libthrift
(Maven)
May 24, 2022
Denial of Service in Apache POI
High
CVE-2017-12626
was published
for
org.apache.poi:poi
(Maven)
Jan 14, 2021
file-type vulnerable to Infinite Loop via malformed MKV file
High
CVE-2022-36313
was published
for
file-type
(npm)
Jul 22, 2022
cumulative-distribution-function Infinite Loop vulnerability
High
CVE-2021-29486
was published
for
cumulative-distribution-function
(npm)
May 4, 2021
Infinite loop in Tomcat due to parsing error
High
CVE-2021-41079
was published
for
org.apache.tomcat:tomcat
(Maven)
Sep 20, 2021
Security Update for the OPC UA .NET Standard Stack
High
CVE-2022-29862
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jun 17, 2022
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
High
CVE-2022-23596
was published
for
com.github.junrar:junrar
(Maven)
Feb 1, 2022
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
High
CVE-2022-35724
was published
for
apache-avro
(Rust)
Aug 10, 2022
Infinite Loop in Apache Sanselan
High
CVE-2018-17202
was published
for
org.apache.sanselan:sanselan
(Maven)
May 14, 2019
XStream can cause a Denial of Service.
High
CVE-2021-21341
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Infinite loop in Yubico yubihsm-connector
High
CVE-2021-28484
was published
for
github.com/Yubico/yubihsm-connector
(Go)
Feb 15, 2022
Infinite loop in Apache CFX
High
CVE-2021-30468
was published
for
org.apache.cxf:apache-cxf
(Maven)
Jan 6, 2022
socks Infinite Loop vulnerability
High
CVE-2013-10005
was published
for
github.com/btcsuite/go-socks
(Go)
Dec 28, 2022
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
High
CVE-2023-25653
was published
for
node-jose
(npm)
Feb 16, 2023
Asciidoctor Infinite Loop vulnerability
High
CVE-2018-18385
was published
for
asciidoctor
(RubyGems)
May 13, 2022
RubyGems Infinite Loop vulnerability
High
CVE-2018-1000075
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API