Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

111 advisories

Loading
Keycloak vulnerable to infinite loop based Denial of Service High
CVE-2017-2646 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Uncontrolled resource consumption in validators Python package High
CVE-2019-19588 was published for validators (pip) Jan 21, 2020
Moderate severity vulnerability that affects org.apache.tika:tika-core Moderate
CVE-2018-1338 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects io.undertow:undertow-core Moderate
CVE-2017-2670 was published for io.undertow:undertow-core (Maven) Oct 19, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2018-10912 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Denial of Service in docker2aci Moderate
CVE-2016-8579 was published for github.com/appc/docker2aci (Go) Feb 15, 2022
Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
G-Rath
Infinite loop in .Net Bond High
CVE-2020-1469 was published for Bond.Core.CSharp (NuGet) Apr 8, 2022
Junrar vulnerable to Infinite Loop Moderate
CVE-2018-12418 was published for com.github.junrar:junrar (Maven) Oct 17, 2018
Infinite Loop in rencode High
CVE-2021-40839 was published for rencode (pip) Sep 13, 2021
Loop with Unreachable Exit Condition in Apache POI Moderate
CVE-2014-9527 was published for org.apache.poi:poi (Maven) May 17, 2022
Loop with Unreachable Exit Condition in Apache PDFBox Moderate
CVE-2018-8036 was published for org.apache.pdfbox:pdfbox (Maven) May 13, 2022
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Infinite Loop in Apache PDFBox Moderate
CVE-2021-31812 was published for org.apache.pdfbox:pdfbox (Maven) Jun 15, 2021
Excessive Iteration in Compress High
CVE-2021-35515 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Uncaught Exception in jsoup High
CVE-2021-37714 was published for org.jsoup:jsoup (Maven) Aug 23, 2021
0roman
Loop with Unreachable Exit Condition in Apache Thrift High
CVE-2019-0205 was published for org.apache.thrift:libthrift (Maven) May 24, 2022
Infinite loop in jpeg-js High
CVE-2022-25851 was published for jpeg-js (npm) Jun 11, 2022
Numpy missing input validation High
CVE-2017-12852 was published for numpy (pip) May 13, 2022
jhutchings1
DoS vulnerability in MaliciousCode filter Moderate
CVE-2023-23617 was published for openmage/magento-lts (Composer) Jan 27, 2023
Denial of Service in Apache POI High
CVE-2017-12626 was published for org.apache.poi:poi (Maven) Jan 14, 2021
file-type vulnerable to Infinite Loop via malformed MKV file High
CVE-2022-36313 was published for file-type (npm) Jul 22, 2022
kiskoza ItalyPaleAle
Infinite Loop in Apache Tika Moderate
CVE-2020-1951 was published for org.apache.tika:tika (Maven) May 7, 2021
cumulative-distribution-function Infinite Loop vulnerability High
CVE-2021-29486 was published for cumulative-distribution-function (npm) May 4, 2021
Infinite loop in Tomcat due to parsing error High
CVE-2021-41079 was published for org.apache.tomcat:tomcat (Maven) Sep 20, 2021
ProTip! Advisories are also available from the GraphQL API