Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,111
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat High
CVE-2016-6817 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and... High Unreviewed
CVE-2019-3900 was published May 24, 2022
In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek... High Unreviewed
CVE-2019-14442 was published May 24, 2022
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite... High Unreviewed
CVE-2019-16319 was published May 24, 2022
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service... High Unreviewed
CVE-2019-18217 was published May 24, 2022
Loop with Unreachable Exit Condition in Apache Thrift High
CVE-2019-0205 was published for org.apache.thrift:libthrift (Maven) May 24, 2022
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in... High Unreviewed
CVE-2019-5097 was published May 24, 2022
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an... High Unreviewed
CVE-2019-20421 was published May 24, 2022
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8... High Unreviewed
CVE-2020-7046 was published May 24, 2022
** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special... High Unreviewed
CVE-2020-15598 was published May 24, 2022
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an... High Unreviewed
CVE-2020-26575 was published May 24, 2022
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service... High Unreviewed
CVE-2019-18796 was published May 24, 2022
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack... High Unreviewed
CVE-2020-13986 was published May 24, 2022
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack... High Unreviewed
CVE-2020-13984 was published May 24, 2022
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option... High Unreviewed
CVE-2020-24337 was published May 24, 2022
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the... High Unreviewed
CVE-2020-28095 was published May 24, 2022
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the... High Unreviewed
CVE-2020-36227 was published May 24, 2022
picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop)... High Unreviewed
CVE-2020-24944 was published May 24, 2022
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom... High Unreviewed
CVE-2021-27918 was published May 24, 2022
StackStorm st2 Infinite Loop Condition High
CVE-2021-28667 was published for st2client (pip) May 24, 2022 withdrawn
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software... High Unreviewed
CVE-2021-1252 was published May 24, 2022
A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All... High Unreviewed
CVE-2021-25663 was published May 24, 2022
A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All... High Unreviewed
CVE-2021-25664 was published May 24, 2022
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. High Unreviewed
CVE-2019-25040 was published May 24, 2022
On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may... High Unreviewed
CVE-2021-23009 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database