Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU High
CVE-2022-35724 was published for apache-avro (Rust) Aug 10, 2022
linux-loader reading beyond EOF could lead to infinite loop Low
CVE-2022-23523 was published for linux-loader (Rust) Dec 12, 2022
likebreath
kamadak-exif vulnerable to Infinite loop when parsing PNG files Moderate
CVE-2021-21235 was published for kamadak-exif (Rust) Oct 6, 2022
Integer Overflow/Infinite Loop in the http crate High
CVE-2020-25574 was published for http (Rust) Aug 25, 2021
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
Invalid handling of `X509_verify_cert()` internal errors in libssl High
CVE-2021-4044 was published for openssl-src (Rust) Dec 15, 2021
pinkforest
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
venkkatesh-sekar chenyan-dfinity
Denial of Service Vulnerability in Rustls Library High
CVE-2024-32650 was published for rustls (Rust) Apr 19, 2024
Taowyoo arai-fortanix
jjfiv s-arash
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates High
CVE-2022-0778 was published for openssl-src (Rust) Mar 16, 2022
rajivshah3 michaelkedar
SurrealDB CPU exhaustion via custom functions result in total DoS High
GHSA-pxw4-94j3-v9pf was published for surrealdb (Rust) Apr 11, 2025
cure53
Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp Low
GHSA-g97w-mw7g-v3jv was published for sequoia-openpgp (Rust) Jul 27, 2025 withdrawn
Low severity (DoS) vulnerability in sequoia-openpgp Low
CVE-2024-58261 was published for sequoia-openpgp (Rust) Jun 26, 2024
quiche connection ID retirement can trigger an infinite loop High
CVE-2025-7054 was published for quiche (Rust) Aug 7, 2025
catenacyber
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database