Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack Moderate
CVE-2020-5234 was published for MessagePack (NuGet) Jan 31, 2020
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38750 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38752 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
mprins
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38751 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38749 was published for be.cylab:snakeyaml (Maven) Sep 6, 2022
Jettison parser crash by stackoverflow Moderate
CVE-2022-40149 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
coheigea
Denial of Service due to parser crash Moderate
CVE-2022-40152 was published for com.fasterxml.woodstox:woodstox-core (Maven) Sep 17, 2022
Tsuesun furti
Snakeyaml vulnerable to Stack overflow leading to denial of service Moderate
CVE-2022-41854 was published for org.yaml:snakeyaml (Maven) Nov 11, 2022
peter-janssen p3pijn
atul-exabeam fabien-chebel sfblackl-intel
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Jettison parser crash by stackoverflow Moderate
GHSA-xqcq-j8w9-3pxv was published for com.tencyle.fixes:org.codehaus.jettison--jettison (Maven) Aug 1, 2023
Elasticsearch vulnerable to stack overflow in the search API Moderate
CVE-2023-31419 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023
whoami stack buffer overflow on several Unix platforms High
GHSA-w5w5-8vfh-xcjq was published for whoami (Rust) Apr 5, 2024
CWA-2024-005: Stackoverflow in wasmd High
GHSA-g8w7-7vgg-x7xg was published for github.com/CosmWasm/wasmd (Go) Aug 21, 2024
unknownfeature
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Low
GHSA-vvfq-8hwr-qm4m was published for nokogiri (RubyGems) Feb 18, 2025
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API High
CVE-2025-23388 was published for github.com/rancher/rancher (Go) Feb 27, 2025
AnonySE26
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow Moderate
CVE-2025-32387 was published for helm.sh/helm/v3 (Go) Apr 10, 2025
jake-ciolek
jackson-core can throw a StackoverflowError when processing deeply nested data High
CVE-2025-52999 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 27, 2025
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit Moderate
CVE-2025-53009 was published for MaterialX (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database