Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

209 advisories

Loading
Uncontrolled Recursion in Loofah High
CVE-2022-23516 was published for loofah (RubyGems) Dec 13, 2022
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-23500 was published for typo3/cms (Composer) Dec 13, 2022
HAProxyMessageDecoder Stack Exhaustion DoS Moderate
CVE-2022-41881 was published for io.netty:netty-codec-haproxy (Maven) Dec 12, 2022
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue)... High Unreviewed
CVE-2022-46405 was published Dec 4, 2022
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for... Moderate Unreviewed
CVE-2022-42321 was published Nov 1, 2022
It was possible to trigger an infinite recursion condition in the error handler when Hermes... High Unreviewed
CVE-2022-27810 was published Oct 7, 2022
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively... Moderate Unreviewed
CVE-2022-31628 was published Sep 29, 2022
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37... Moderate Unreviewed
CVE-2022-28201 was published Sep 20, 2022
Jettison memory exhaustion High
CVE-2022-40150 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. Moderate Unreviewed
CVE-2022-3222 was published Sep 16, 2022
XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree()... Moderate Unreviewed
CVE-2022-38334 was published Sep 16, 2022
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This... High Unreviewed
CVE-2022-3216 was published Sep 15, 2022
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial... Moderate Unreviewed
CVE-2021-3997 was published Aug 24, 2022
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of... High Unreviewed
CVE-2022-23460 was published Aug 20, 2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows... High Unreviewed
CVE-2022-30635 was published Aug 11, 2022
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-30632 was published Aug 11, 2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-30631 was published Aug 11, 2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-30633 was published Aug 11, 2022
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to... High Unreviewed
CVE-2022-30630 was published Aug 11, 2022
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an... High Unreviewed
CVE-2022-28131 was published Aug 11, 2022
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow... Moderate Unreviewed
CVE-2022-1962 was published Aug 11, 2022
graphql-go has infinite recursion in the type definition parser High
CVE-2022-37315 was published for github.com/graphql-go/graphql (Go) Aug 2, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM karimhreda
nullswan
vm2 before 3.6.11 vulnerable to sandbox escape High
CVE-2019-10761 was published for vm2 (npm) Jul 14, 2022
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths Moderate
CVE-2022-31052 was published for matrix-synapse (pip) Jun 29, 2022
ProTip! Advisories are also available from the GraphQL API