Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,673
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,891
Pub
13
RubyGems
1,051
Rust
1,315
Swift
53
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer High
CVE-2026-41680 was published for marked (npm) Apr 29, 2026
MaanVader Credited to MaanVader
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input High
CVE-2026-33891 was published for node-forge (npm) Mar 26, 2026
Kr0emer Credited to Kr0emer
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs High
CVE-2026-4598 was published for jsrsasign (npm) Mar 23, 2026
music-metadata has an infinite loop vulnerability in ASF parser High
CVE-2026-32256 was published for music-metadata (npm) Mar 17, 2026
ByamB4 Credited to ByamB4
file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header Moderate
CVE-2026-31808 was published for file-type (npm) Mar 10, 2026
bn.js affected by an infinite loop Moderate
CVE-2026-2739 was published for bn.js (npm) Feb 20, 2026
richardsimko Credited to richardsimko and jochenschmich-aeberle jochenschmich-aeberle jochenschmich-aeberle
Sandbox escape via infinite recursion and error objects Moderate
CVE-2026-25533 was published for @enclave-vm/core (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu and frontegg-david frontegg-david frontegg-david
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg Credited to AlexRomberg
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation Moderate
CVE-2025-32029 was published for @apeleghq/asn1-der (npm) Apr 7, 2025
In Azle, calling `setTimer` causes infinite loop of timers High
CVE-2025-29776 was published for azle (npm) Mar 14, 2025
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify Moderate
CVE-2025-23221 was published for @fedify/fedify (npm) Jan 21, 2025
nnfrog Credited to nnfrog
Predictable results in nanoid generation when given non-integer values Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski Credited to krassowski, katzj, and CrzyHAX91 katzj katzj
CrzyHAX91 CrzyHAX91
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) High
CVE-2023-25653 was published for node-jose (npm) Feb 16, 2023
justaugustus Credited to justaugustus and bifurcation bifurcation bifurcation
file-type vulnerable to Infinite Loop via malformed MKV file High
CVE-2022-36313 was published for file-type (npm) Jul 22, 2022
kiskoza Credited to kiskoza and ItalyPaleAle ItalyPaleAle ItalyPaleAle
Infinite loop in jpeg-js High
CVE-2022-25851 was published for jpeg-js (npm) Jun 11, 2022
Infinite Loop in colors.js High
CVE-2021-23567 was published for colors (npm) Jan 21, 2022
Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
G-Rath Credited to G-Rath
cumulative-distribution-function Infinite Loop vulnerability High
CVE-2021-29486 was published for cumulative-distribution-function (npm) May 4, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database