Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables Moderate
GHSA-pqhp-25j4-6hq9 was published for smol-toml (npm) Nov 22, 2024
TheKodeToad
Denial of Service condition in Next.js image optimization Moderate
CVE-2024-47831 was published for next (npm) Oct 14, 2024
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain (pip) Jun 6, 2024
eyurtsev efriis
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive -... Moderate Unreviewed
CVE-2024-44996 was published Sep 4, 2024
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in... Moderate Unreviewed
CVE-2019-6131 was published May 13, 2022
Miniscript allows stack consumption Moderate
CVE-2024-44073 was published for miniscript (Rust) Aug 19, 2024
apoelstra
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor Moderate
CVE-2024-42369 was published for matrix-js-sdk (npm) Aug 20, 2024
morguldir
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x... Moderate Unreviewed
CVE-2020-28242 was published May 24, 2022
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker... Moderate Unreviewed
CVE-2024-1899 was published Feb 26, 2024
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion Moderate
CVE-2021-31525 was published for golang.org/x/net (Go) May 24, 2022
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers... Moderate Unreviewed
CVE-2019-15144 was published May 24, 2022
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. Moderate Unreviewed
CVE-2022-48545 was published Aug 22, 2023
 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite... Moderate Unreviewed
CVE-2023-2664 was published Jul 6, 2023
 In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion... Moderate Unreviewed
CVE-2023-2663 was published Jul 6, 2023
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types... Moderate Unreviewed
CVE-2019-19645 was published May 24, 2022
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By... Moderate Unreviewed
CVE-2019-13955 was published May 24, 2022
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of... Moderate Unreviewed
CVE-2019-1010182 was published May 24, 2022
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of... Moderate Unreviewed
CVE-2019-1010183 was published May 24, 2022
KaTeX's maxExpand bypassed by Unicode sub/superscripts Moderate
CVE-2024-28244 was published for katex (npm) Mar 25, 2024
jupenur ronkok
edemaine
KaTeX's maxExpand bypassed by `\edef` Moderate
CVE-2024-28243 was published for katex (npm) Mar 25, 2024
jupenur edemaine
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for... Moderate Unreviewed
CVE-2022-42321 was published Nov 1, 2022
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a... Moderate Unreviewed
CVE-2007-1285 was published May 1, 2022
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion,... Moderate Unreviewed
CVE-2019-15118 was published May 24, 2022
Denial of Service in Page Error Handling Moderate
CVE-2021-21359 was published for typo3/cms (Composer) Mar 23, 2021
derhansen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database