Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

175 advisories

Loading
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an... Moderate Unreviewed
CVE-2025-59364 was published Sep 15, 2025
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a... Moderate Unreviewed
CVE-2025-9714 was published Sep 10, 2025
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive... High Unreviewed
CVE-2024-8176 was published Mar 14, 2025
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-24302 was published Aug 12, 2025
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1... Moderate Unreviewed
CVE-2025-20025 was published Aug 12, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker... High Unreviewed
CVE-2025-23325 was published Aug 6, 2025
An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an... High Unreviewed
CVE-2025-50420 was published Aug 4, 2025
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service... High Unreviewed
CVE-2025-46206 was published Aug 4, 2025
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects... High Unreviewed
CVE-2021-42717 was published Dec 8, 2021
MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where... High Unreviewed
CVE-2025-6710 was published Jun 26, 2025
In ims service, there is a possible system crash due to incorrect error handling. This could lead... High Unreviewed
CVE-2025-20678 was published Jun 2, 2025
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via... Moderate Unreviewed
CVE-2022-25313 was published Feb 19, 2022
In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a... High Unreviewed
CVE-2025-30193 was published May 20, 2025
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion... High Unreviewed
CVE-2017-11164 was published May 13, 2022
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause... High Unreviewed
CVE-2017-9766 was published May 13, 2022
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of... High Unreviewed
CVE-2017-9438 was published May 13, 2022
VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as... Low Unreviewed
CVE-2025-43708 was published Apr 17, 2025
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a... Moderate Unreviewed
CVE-2007-1285 was published May 1, 2022
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS... High Unreviewed
CVE-2023-22617 was published Jan 21, 2023
An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth... Moderate Unreviewed
CVE-2024-58102 was published Mar 11, 2025
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows... High Unreviewed
CVE-2025-1492 was published Feb 20, 2025
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted... Low Unreviewed
CVE-2024-57257 was published Feb 19, 2025
cpdf through 2.8 allows stack consumption via a crafted PDF document. Moderate Unreviewed
CVE-2024-54731 was published Jan 8, 2025
In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion ... Moderate Unreviewed
CVE-2024-53090 was published Nov 21, 2024
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L:... High Unreviewed
CVE-2021-41737 was published Nov 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database