Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

617 advisories

Loading
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing... High Unreviewed
CVE-2018-16789 was published May 13, 2022
Infinite loop in Yubico yubihsm-connector High
CVE-2021-28484 was published for github.com/Yubico/yubihsm-connector (Go) Feb 15, 2022
Infinite loop in Apache Tika Moderate
CVE-2021-28657 was published for org.apache.tika:tika (Maven) May 10, 2021
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the... High Unreviewed
CVE-2017-18273 was published May 13, 2022
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the... High Unreviewed
CVE-2017-18271 was published May 13, 2022
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause... Moderate Unreviewed
CVE-2017-8112 was published May 13, 2022
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service ... Moderate Unreviewed
CVE-2018-14567 was published May 13, 2022
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop... High Unreviewed
CVE-2018-7421 was published May 13, 2022
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS... Moderate Unreviewed
CVE-2016-7909 was published May 13, 2022
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid... Moderate Unreviewed
CVE-2019-3819 was published May 13, 2022
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop... High Unreviewed
CVE-2018-20021 was published May 13, 2022
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18... High Unreviewed
CVE-2018-5813 was published May 13, 2022
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is... Moderate Unreviewed
CVE-2016-9776 was published May 13, 2022
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A... Moderate Unreviewed
CVE-2020-25641 was published May 24, 2022
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload... Moderate Unreviewed
CVE-2017-14058 was published May 13, 2022
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows... Moderate Unreviewed
CVE-2018-19840 was published May 13, 2022
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function... Moderate Unreviewed
CVE-2019-6462 was published May 13, 2022
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows... Critical Unreviewed
CVE-2018-20784 was published May 13, 2022
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and... Moderate Unreviewed
CVE-2018-20467 was published May 13, 2022
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the... Moderate Unreviewed
CVE-2018-5650 was published May 13, 2022
An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class... High Unreviewed
CVE-2018-18070 was published May 13, 2022
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which... Moderate Unreviewed
CVE-2018-20482 was published May 13, 2022
The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0... High Unreviewed
CVE-2013-2789 was published May 13, 2022
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local... Moderate Unreviewed
CVE-2015-8785 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database