Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

212 advisories

Loading
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are... High Unreviewed
CVE-2021-27432 was published May 24, 2022
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a... High Unreviewed
CVE-2020-1898 was published May 24, 2022
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device... Moderate Unreviewed
CVE-2021-20255 was published May 24, 2022
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c... High Unreviewed
CVE-2021-28040 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model... Moderate Unreviewed
CVE-2020-29566 was published May 24, 2022
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack... High Unreviewed
CVE-2020-8285 was published May 24, 2022
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via... High Unreviewed
CVE-2020-28196 was published May 24, 2022
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x... Moderate Unreviewed
CVE-2020-28242 was published May 24, 2022
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger... Moderate Unreviewed
CVE-2020-25219 was published May 24, 2022
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote... Moderate Unreviewed
CVE-2020-12100 was published May 24, 2022
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger... Moderate Unreviewed
CVE-2020-16094 was published May 24, 2022
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via... Moderate Unreviewed
CVE-2020-13800 was published May 24, 2022
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack"... Moderate Unreviewed
CVE-2020-12662 was published May 24, 2022
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against... Moderate Unreviewed
CVE-2020-10995 was published May 24, 2022
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c,... Moderate Unreviewed
CVE-2020-12825 was published May 24, 2022
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba... Moderate Unreviewed
CVE-2020-10704 was published May 24, 2022
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean... High Unreviewed
CVE-2020-12243 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the resource record-parsing... Moderate Unreviewed
CVE-2020-6071 was published May 24, 2022
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union... Moderate Unreviewed
CVE-2019-20395 was published May 24, 2022
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types... Moderate Unreviewed
CVE-2019-19645 was published May 24, 2022
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because... Moderate Unreviewed
CVE-2019-18853 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart... High Unreviewed
CVE-2018-4002 was published May 24, 2022
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as... Moderate Unreviewed
CVE-2019-17450 was published May 24, 2022
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. High Unreviewed
CVE-2018-16452 was published May 24, 2022
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print()... High Unreviewed
CVE-2018-16300 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database