Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,037
Erlang
29
GitHub Actions
18
Go
1,851
Maven
5,000+
npm
3,586
NuGet
636
pip
3,169
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

204 advisories

matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor Moderate
CVE-2024-42369 was published for matrix-js-sdk (npm) Aug 20, 2024
morguldir
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion... Low Unreviewed
CVE-2024-7866 was published Aug 15, 2024
Secure Boot Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-37973 was published Jul 9, 2024
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
Rhai stack overflow vulenrability High
CVE-2024-36760 was published for rhai (Rust) Jun 13, 2024
HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. High Unreviewed
CVE-2024-32609 was published May 14, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion... Low Unreviewed
CVE-2024-4568 was published May 6, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service High
GHSA-62qf-jcq8-8gxw was published for sqlparse (pip) Apr 30, 2024 withdrawn
sqlparse parsing heavily nested list leads to Denial of Service High
CVE-2024-4340 was published for sqlparse (pip) Apr 15, 2024
uriyay-jfrog
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and... Low Unreviewed
CVE-2024-3248 was published Apr 3, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and... Low Unreviewed
CVE-2024-3247 was published Apr 3, 2024
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such... Critical Unreviewed
CVE-2023-51803 was published Apr 1, 2024
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and... High Unreviewed
CVE-2024-20311 was published Mar 27, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts Moderate
CVE-2024-28244 was published for katex (npm) Mar 25, 2024
jupenur ronkok
edemaine
KaTeX's maxExpand bypassed by `\edef` Moderate
CVE-2024-28243 was published for katex (npm) Mar 25, 2024
jupenur edemaine
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker... Moderate Unreviewed
CVE-2024-1899 was published Feb 26, 2024
orjson does not limit recursion for deeply nested JSON documents High
CVE-2024-27454 was published for orjson (pip) Feb 26, 2024
Uncontrolled Recursion in SurrealQL Parsing Moderate
GHSA-6r8p-hpg7-825g was published for surrealdb (Rust) Jan 18, 2024
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or... High Unreviewed
CVE-2024-0211 was published Jan 3, 2024
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or... High Unreviewed
CVE-2024-0210 was published Jan 3, 2024
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of... High Unreviewed
CVE-2024-0208 was published Jan 3, 2024
msgpackr's conversion of property names to strings can trigger infinite recursion High
CVE-2023-52079 was published for msgpackr (npm) Dec 28, 2023
o5k
Denial of service caused by infinite recursion when parsing SVG document Moderate
CVE-2023-50251 was published for phenx/php-svg-lib (Composer) Dec 13, 2023
cod3beat
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU... High Unreviewed
CVE-2022-47374 was published Dec 12, 2023
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack High
CVE-2023-47163 was published for remarshal (pip) Nov 13, 2023
ProTip! Advisories are also available from the GraphQL API