GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
107 advisories
Filter by severity
Low severity (DoS) vulnerability in sequoia-openpgp
Low
GHSA-9344-p847-qm5c
was published
for
sequoia-openpgp
(Rust)
Jun 26, 2024
Soot Infinite Loop vulnerability
High
CVE-2023-46442
was published
for
org.soot-oss:soot
(Maven)
May 24, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
High
CVE-2024-30251
was published
for
aiohttp
(pip)
May 3, 2024
Denial of Service Vulnerability in Rustls Library
High
CVE-2024-32650
was published
for
rustls
(Rust)
Apr 19, 2024
CodeIgniter4 DoS Vulnerability
High
CVE-2024-29904
was published
for
codeigniter4/framework
(Composer)
Mar 29, 2024
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate
CVE-2024-24786
was published
for
google.golang.org/protobuf
(Go)
Mar 6, 2024
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
High
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
IPAddress Infinite Loop vulnerability (Disputed)
Moderate
CVE-2023-50570
was published
for
com.github.seancfoley:ipaddress
(Maven)
Dec 29, 2023
•
withdrawn
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
High
CVE-2023-51075
was published
for
cn.hutool:hutool-core
(Maven)
Dec 27, 2023
Candid infinite decoding loop through specially crafted payload
High
CVE-2023-6245
was published
for
candid
(Rust)
Dec 8, 2023
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Low
CVE-2023-46737
was published
for
github.com/sigstore/cosign
(Go)
Nov 8, 2023
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
Moderate
CVE-2023-46250
was published
for
pypdf
(pip)
Oct 31, 2023
asyncua vulnerable to denial of service via infinite loop
High
CVE-2023-26151
was published
for
asyncua
(pip)
Oct 3, 2023
OpenFGA Vulnerable to DoS from circular relationship definitions
Moderate
CVE-2023-43645
was published
for
github.com/openfga/openfga
(Go)
Sep 28, 2023
x/net/html Vulnerable to DoS During HTML Parsing
High
CVE-2018-17846
was published
for
golang.org/x/net
(Go)
Sep 25, 2023
Undertow denial of service vulnerability
High
CVE-2023-1108
was published
for
io.undertow:undertow-core
(Maven)
Sep 14, 2023
FaucetSDN Ryu Denial of Service Vulnerability
High
CVE-2020-35139
was published
for
ryu
(pip)
Aug 11, 2023
FaucetSDN Ryu Denial of Service Vulnerability
High
CVE-2020-35141
was published
for
ryu
(pip)
Aug 11, 2023
PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects
Moderate
CVE-2023-36807
was published
for
PyPDF2
(pip)
Jun 30, 2023
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
Moderate
CVE-2023-36464
was published
for
PyPDF2
(pip)
Jun 30, 2023
OpenFGA vulnerable to denial of service due to circular relationship
Moderate
CVE-2023-35933
was published
for
github.com/openfga/openfga
(Go)
Jun 28, 2023
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
High
CVE-2022-3252
was published
for
github.com/apple/swift-nio-extras
(Swift)
Jun 7, 2023
ProTip!
Advisories are also available from the
GraphQL API