Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

92 advisories

Loading
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an... Moderate Unreviewed
CVE-2025-59364 was published Sep 15, 2025
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a... Moderate Unreviewed
CVE-2025-9714 was published Sep 10, 2025
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-24302 was published Aug 12, 2025
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-20025 was published Aug 12, 2025
An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth... Moderate Unreviewed
CVE-2024-58102 was published Mar 11, 2025
cpdf through 2.8 allows stack consumption via a crafted PDF document. Moderate Unreviewed
CVE-2024-54731 was published Jan 8, 2025
In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion ... Moderate Unreviewed
CVE-2024-53090 was published Nov 21, 2024
In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive -... Moderate Unreviewed
CVE-2024-44996 was published Sep 4, 2024
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker... Moderate Unreviewed
CVE-2024-1899 was published Feb 26, 2024
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push... Moderate Unreviewed
CVE-2023-31794 was published Oct 31, 2023
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. Moderate Unreviewed
CVE-2022-48545 was published Aug 22, 2023
 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite... Moderate Unreviewed
CVE-2023-2664 was published Jul 6, 2023
 In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion... Moderate Unreviewed
CVE-2023-2663 was published Jul 6, 2023
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a... Moderate Unreviewed
CVE-2020-36691 was published Mar 24, 2023
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting... Moderate Unreviewed
CVE-2022-37034 was published Feb 2, 2023
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite... Moderate Unreviewed
CVE-2022-47662 was published Jan 5, 2023
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for... Moderate Unreviewed
CVE-2022-42321 was published Nov 1, 2022
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively... Moderate Unreviewed
CVE-2022-31628 was published Sep 29, 2022
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37... Moderate Unreviewed
CVE-2022-28201 was published Sep 20, 2022
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. Moderate Unreviewed
CVE-2022-3222 was published Sep 16, 2022
XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree()... Moderate Unreviewed
CVE-2022-38334 was published Sep 16, 2022
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial... Moderate Unreviewed
CVE-2021-3997 was published Aug 24, 2022
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow... Moderate Unreviewed
CVE-2022-1962 was published Aug 11, 2022
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for... Moderate Unreviewed
CVE-2019-18854 was published May 24, 2022
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp... Moderate Unreviewed
CVE-2019-12213 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database