GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
79 advisories
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive...
High | Unreviewed | CVE-2024-8176 was published Mar 14, 2025

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep...
High | Unreviewed | CVE-2016-4425 was published May 17, 2022

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via...
High | Unreviewed | CVE-2020-28196 was published May 24, 2022

Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all...
High | Unreviewed | CVE-2025-59789 was published Dec 1, 2025

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of...
High | Unreviewed | CVE-2024-0208 was published Jan 3, 2024

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or...
High | Unreviewed | CVE-2024-0211 was published Jan 3, 2024

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or...
High | Unreviewed | CVE-2023-4512 was published Aug 24, 2023

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an...
High | Unreviewed | CVE-2022-30631 was published Aug 11, 2022

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content...
High | Unreviewed | CVE-2025-54858 was published Oct 15, 2025

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix...
High | Unreviewed | CVE-2021-47465 was published May 22, 2024

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker...
High | Unreviewed | CVE-2025-23325 was published Aug 6, 2025

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service...
High | Unreviewed | CVE-2025-46206 was published Aug 4, 2025

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an...
High | Unreviewed | CVE-2025-50420 was published Aug 4, 2025

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects...
High | Unreviewed | CVE-2021-42717 was published Dec 8, 2021

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where...
High | Unreviewed | CVE-2025-6710 was published Jun 26, 2025

In ims service, there is a possible system crash due to incorrect error handling. This could lead...
High | Unreviewed | CVE-2025-20678 was published Jun 2, 2025

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a...
High | Unreviewed | CVE-2025-30193 was published May 20, 2025

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion...
High | Unreviewed | CVE-2017-11164 was published May 13, 2022

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause...
High | Unreviewed | CVE-2017-9766 was published May 13, 2022

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of...
High | Unreviewed | CVE-2017-9438 was published May 13, 2022

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS...
High | Unreviewed | CVE-2023-22617 was published Jan 21, 2023

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows...
High | Unreviewed | CVE-2025-1492 was published Feb 20, 2025

In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L:...
High | Unreviewed | CVE-2021-41737 was published Nov 11, 2024

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic...
High | Unreviewed | CVE-2024-34158 was published Sep 6, 2024

HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.
High | Unreviewed | CVE-2024-32609 was published May 14, 2024