GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
29
Go
2,304
Maven
5,000+
npm
3,946
NuGet
711
pip
3,717
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
306 advisories
Filter by severity
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote...
Moderate
Unreviewed
CVE-2017-18267
was published
May 13, 2022
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders...
Moderate
Unreviewed
CVE-2018-10177
was published
May 13, 2022
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders...
Moderate
Unreviewed
CVE-2018-18024
was published
May 13, 2022
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service ...
Moderate
Unreviewed
CVE-2015-8901
was published
May 13, 2022
On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi...
Moderate
Unreviewed
CVE-2019-6594
was published
May 13, 2022
In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file...
Moderate
Unreviewed
CVE-2019-3573
was published
May 13, 2022
Improper Handling of Missing Values in kaml
Moderate
CVE-2021-39194
was published
for
com.charleskorn.kaml:kaml
(Maven)
Sep 7, 2021
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0...
Moderate
Unreviewed
CVE-2019-1000020
was published
May 13, 2022
Infinite loop in Apache MINA
Moderate
CVE-2021-41973
was published
for
org.apache.mina:mina-core
(Maven)
Nov 3, 2021
Infinite loop in Apache Tika
Moderate
CVE-2021-28657
was published
for
org.apache.tika:tika
(Maven)
May 10, 2021
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause...
Moderate
Unreviewed
CVE-2017-8112
was published
May 13, 2022
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service ...
Moderate
Unreviewed
CVE-2018-14567
was published
May 13, 2022
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS...
Moderate
Unreviewed
CVE-2016-7909
was published
May 13, 2022
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid...
Moderate
Unreviewed
CVE-2019-3819
was published
May 13, 2022
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is...
Moderate
Unreviewed
CVE-2016-9776
was published
May 13, 2022
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A...
Moderate
Unreviewed
CVE-2020-25641
was published
May 24, 2022
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload...
Moderate
Unreviewed
CVE-2017-14058
was published
May 13, 2022
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows...
Moderate
Unreviewed
CVE-2018-19840
was published
May 13, 2022
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function...
Moderate
Unreviewed
CVE-2019-6462
was published
May 13, 2022
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and...
Moderate
Unreviewed
CVE-2018-20467
was published
May 13, 2022
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the...
Moderate
Unreviewed
CVE-2018-5650
was published
May 13, 2022
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which...
Moderate
Unreviewed
CVE-2018-20482
was published
May 13, 2022
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local...
Moderate
Unreviewed
CVE-2015-8785
was published
May 13, 2022
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite...
Moderate
Unreviewed
CVE-2012-0248
was published
May 4, 2022
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service ...
Moderate
Unreviewed
CVE-2010-1282
was published
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API