GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Pion DTLS Header reconstruction method can be thrown into an infinite loop
High
CVE-2022-29190
was published
for
github.com/pion/dtls
(Go)
May 24, 2022
Istio vulnerable to denial of service
High
CVE-2019-18817
was published
for
istio.io/istio
(Go)
May 24, 2022
Routinator infinite loop vulnerability
High
CVE-2021-43172
was published
for
routinator
(Rust)
May 24, 2022
golang.org/x/net/html Infinite Loop vulnerability
High
CVE-2021-33194
was published
for
golang.org/x/net
(Go)
May 24, 2022
StackStorm st2 Infinite Loop Condition
High
CVE-2021-28667
was published
for
st2client
(pip)
May 24, 2022
•
withdrawn
Loop with Unreachable Exit Condition in Apache Thrift
High
CVE-2019-0205
was published
for
org.apache.thrift:libthrift
(Maven)
May 24, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
High
CVE-2016-6817
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Asciidoctor Infinite Loop vulnerability
High
CVE-2018-18385
was published
for
asciidoctor
(RubyGems)
May 13, 2022
RubyGems Infinite Loop vulnerability
High
CVE-2018-1000075
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 13, 2022
Loop with Unreachable Exit Condition in Netty
High
CVE-2016-4970
was published
for
io.netty:netty-handler
(Maven)
May 13, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
High
CVE-2017-16932
was published
for
nokogiri
(RubyGems)
May 13, 2022
Infinite loop in .Net Bond
High
CVE-2020-1469
was published
for
Bond.Core.CSharp
(NuGet)
Apr 8, 2022
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
High
CVE-2022-0778
was published
for
openssl-src
(Rust)
Mar 16, 2022
Infinite loop in Yubico yubihsm-connector
High
CVE-2021-28484
was published
for
github.com/Yubico/yubihsm-connector
(Go)
Feb 15, 2022
Infinite Loop in Apache Tomcat
High
CVE-2020-13935
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 8, 2022
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
High
CVE-2022-23596
was published
for
com.github.junrar:junrar
(Maven)
Feb 1, 2022
Infinite loop causing Denial of Service in colors
High
GHSA-5rqg-jm4f-cqx7
was published
for
Colors
(npm)
Jan 10, 2022
Infinite loop in Apache CFX
High
CVE-2021-30468
was published
for
org.apache.cxf:apache-cxf
(Maven)
Jan 6, 2022
Invalid handling of `X509_verify_cert()` internal errors in libssl
High
CVE-2021-4044
was published
for
openssl-src
(Rust)
Dec 15, 2021
Infinite loop in Tomcat due to parsing error
High
CVE-2021-41079
was published
for
org.apache.tomcat:tomcat
(Maven)
Sep 20, 2021
ProTip!
Advisories are also available from the
GraphQL API