Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop Moderate
CVE-2024-30172 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON Moderate
CVE-2024-24786 was published for google.golang.org/protobuf (Go) Mar 6, 2024
oscerd chancez
Moderate severity vulnerability that affects org.apache.commons:commons-compress Moderate
CVE-2018-11771 was published for org.apache.commons:commons-compress (Maven) Oct 19, 2018
SunBK201
golang.org/x/text Infinite loop Moderate
CVE-2020-14040 was published for golang.org/x/text (Go) May 18, 2021
Loop with Unreachable Exit Condition in Apache CXF Moderate
CVE-2014-3584 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
sunSUNQ SunBK201
Vitess vulnerable to infinite memory consumption and vtgate crash Moderate
CVE-2024-32886 was published for github.com/vitessio/vitess (Go) May 8, 2024
dbussink mattrobenolt
vmg
Comparison errorr in org.apache.tika:tika-core Moderate
CVE-2018-8017 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
MarkLee131
Apache Commons Compress vulnerable to denial of service due to infinite loop Moderate
CVE-2018-1324 was published for com.liferay:com.liferay.portal.tools.bundle.support (Maven) Mar 14, 2019
wtwhite MarkLee131
IPAddress Infinite Loop vulnerability (Disputed) Moderate
CVE-2023-50570 was published for com.github.seancfoley:ipaddress (Maven) Dec 29, 2023 withdrawn
mike-jumper
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF Moderate
CVE-2023-46250 was published for pypdf (pip) Oct 31, 2023
Alexhuszagh
Loop with Unreachable Exit Condition in Jenkins Moderate
CVE-2018-1000864 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Infinite Loop in Jenkins Core Moderate
CVE-2018-1999044 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character Moderate
CVE-2023-36464 was published for PyPDF2 (pip) Jun 30, 2023
exiledkingcc
OpenFGA Vulnerable to DoS from circular relationship definitions Moderate
CVE-2023-43645 was published for github.com/openfga/openfga (Go) Sep 28, 2023
OpenFGA vulnerable to denial of service due to circular relationship Moderate
CVE-2023-35933 was published for github.com/openfga/openfga (Go) Jun 28, 2023
PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects Moderate
CVE-2023-36807 was published for PyPDF2 (pip) Jun 30, 2023
MartinThoma
Infinite certificate chain depth results in OctoRPKI running forever Moderate
CVE-2021-3908 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
andrewpollock
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser Moderate
CVE-2018-17197 was published for org.apache.tika:tika-parsers (Maven) Dec 26, 2018
Rack vulnerable to REDoS Moderate
CVE-2012-6109 was published for rack (RubyGems) Oct 24, 2017
Manipulated inline images can cause Infinite Loop in PyPDF2 Moderate
CVE-2022-24859 was published for PyPDF2 (pip) Apr 22, 2022
Missing Release of Memory after Effective Lifetime in Apache Tika Moderate
CVE-2020-9489 was published for org.apache.tika:tika (Maven) May 7, 2021
tdunlap607
phpseclib Infinite Loop vulnerability Moderate
CVE-2023-27560 was published for phpseclib/phpseclib (Composer) Mar 3, 2023
janedbal
org.apache.tika:tika-parsers has an Infinite Loop vulnerability Moderate
CVE-2018-1339 was published for org.apache.tika:tika-parsers (Maven) Oct 17, 2018
YVoitiuk
Infinite Loop in Apache James Moderate
CVE-2021-40111 was published for org.apache.james:james-server (Maven) Jan 8, 2022
kamadak-exif vulnerable to Infinite loop when parsing PNG files Moderate
CVE-2021-21235 was published for kamadak-exif (Rust) Oct 6, 2022
ProTip! Advisories are also available from the GraphQL API