Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,701
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
node-forge has ASN.1 Unbounded Recursion High
CVE-2025-66031 was published for node-forge (npm) Nov 26, 2025
wodzen
Credited to wodzen
OpenSearch is vulnerable to DoS via complex query_string inputs High
CVE-2025-9624 was published for org.opensearch:opensearch-common (Maven) Nov 25, 2025
RafSobol
Credited to RafSobol
LlamaIndex affected by a Denial of Service (DOS) in JSONReader High
CVE-2025-5302 was published for llama-index-core (pip) Aug 26, 2025
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
Credited to xendo
protobuf-python has a potential Denial of Service issue High
CVE-2025-4565 was published for protobuf (pip) Jun 16, 2025
LlamaIndex Vulnerable to Denial of Service (DoS) High
CVE-2025-1752 was published for llama-index (pip) May 10, 2025
Netplex Json-smart Uncontrolled Recursion vulnerability High
CVE-2024-57699 was published for net.minidev:json-smart (Maven) Feb 6, 2025
yeikel
Credited to yeikel
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion High
GHSA-8wcc-m6j2-qxvm was published for cosmossdk.io/x/tx (Go) Dec 16, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries High
CVE-2024-43414 was published for @apollo/gateway (npm) Aug 27, 2024
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
fawind
Credited to fawind
Rhai stack overflow vulenrability High
CVE-2024-36760 was published for rhai (Rust) Jun 13, 2024
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service High
GHSA-62qf-jcq8-8gxw was published for sqlparse (pip) Apr 30, 2024 withdrawn
sqlparse parsing heavily nested list leads to Denial of Service High
CVE-2024-4340 was published for sqlparse (pip) Apr 15, 2024
uriyay-jfrog
Credited to uriyay-jfrog
CodeIgniter4 DoS Vulnerability High
CVE-2024-29904 was published for codeigniter4/framework (Composer) Mar 29, 2024
colethorsen
Credited to colethorsen
orjson does not limit recursion for deeply nested JSON documents High
CVE-2024-27454 was published for orjson (pip) Feb 26, 2024
msgpackr's conversion of property names to strings can trigger infinite recursion High
CVE-2023-52079 was published for msgpackr (npm) Dec 28, 2023
o5k
Credited to o5k
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack High
CVE-2023-47163 was published for remarshal (pip) Nov 13, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
Credited to weissi
Karate has vulnerable dependency on json-smart package (CVE-2023-1370) High
GHSA-5x5q-8cgm-2hjq was published for com.intuit.karate:karate-core (Maven) Mar 31, 2023
kdefives
Credited to kdefives
json-smart Uncontrolled Recursion vulnerability High
CVE-2023-1370 was published for net.minidev:json-smart (Maven) Mar 23, 2023
Jettison vulnerable to infinite recursion High
CVE-2023-1436 was published for org.codehaus.jettison:jettison (Maven) Mar 22, 2023
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
Uncontrolled Recursion in Loofah High
CVE-2022-23516 was published for loofah (RubyGems) Dec 13, 2022
Jettison memory exhaustion High
CVE-2022-40150 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database