GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

118 advisories

Invalid handling of `X509_verify_cert()` internal errors in libssl High
CVE-2021-4044 was published for openssl-src (Rust) Dec 15, 2021
pinkforest
Infinite certificate chain depth results in OctoRPKI running forever Moderate
CVE-2021-3908 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
andrewpollock
Infinite loop in Apache MINA Moderate
CVE-2021-41973 was published for org.apache.mina:mina-core (Maven) Nov 3, 2021
aikebah
Infinite loop in Tomcat due to parsing error High
CVE-2021-41079 was published for org.apache.tomcat:tomcat (Maven) Sep 20, 2021
Infinite Loop in rencode High
CVE-2021-40839 was published for rencode (pip) Sep 13, 2021
Improper Handling of Missing Values in kaml Moderate
CVE-2021-39194 was published for com.charleskorn.kaml:kaml (Maven) Sep 7, 2021
Integer Overflow/Infinite Loop in the http crate High
CVE-2020-25574 was published for http (Rust) Aug 25, 2021
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Infinite loop in TFLite Moderate
CVE-2021-37686 was published for tensorflow (pip) Aug 25, 2021
Uncaught Exception in jsoup High
CVE-2021-37714 was published for org.jsoup:jsoup (Maven) Aug 23, 2021
0roman
Excessive Iteration in Compress High
CVE-2021-35515 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Infinite Loop in Apache PDFBox Moderate
CVE-2021-31812 was published for org.apache.pdfbox:pdfbox (Maven) Jun 15, 2021
Potential infinite loop in Pillow High
CVE-2021-28676 was published for Pillow (pip) Jun 8, 2021
tdunlap607
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS) High
CVE-2021-29482 was published for github.com/ulikunitz/xz (Go) May 25, 2021
0xdecaf
Stack overflow due to looping TFLite subgraph High
CVE-2021-29591 was published for tensorflow (pip) May 21, 2021
golang.org/x/text Infinite loop Moderate
CVE-2020-14040 was published for golang.org/x/text (Go) May 18, 2021
Infinite Loop in jsonparser High
CVE-2020-10675 was published for github.com/buger/jsonparser (Go) May 18, 2021
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic Moderate
CVE-2021-29510 was published for pydantic (pip) May 13, 2021
nina-j bluetech
Infinite loop in Apache Tika Moderate
CVE-2021-28657 was published for org.apache.tika:tika (Maven) May 10, 2021
Infinite Loop in Apache Tika Moderate
CVE-2020-1951 was published for org.apache.tika:tika (Maven) May 7, 2021
Missing Release of Memory after Effective Lifetime in Apache Tika Moderate
CVE-2020-9489 was published for org.apache.tika:tika (Maven) May 7, 2021
tdunlap607
cumulative-distribution-function Infinite Loop vulnerability High
CVE-2021-29486 was published for cumulative-distribution-function (npm) May 4, 2021
Infinite Loop in Pygments High
CVE-2021-20270 was published for Pygments (pip) Apr 20, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Denial of Service in Apache POI High
CVE-2017-12626 was published for org.apache.poi:poi (Maven) Jan 14, 2021