Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle Moderate
CVE-2026-41511 was published for OpenMcdf (NuGet) Apr 22, 2026
pawlos Credited to pawlos
justhtml has sanitization bypass in custom policies and programmatic DOM Moderate
GHSA-vrx2-77f2-ww34 was published for justhtml (pip) Apr 22, 2026
EmilStenstrom Credited to EmilStenstrom
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem High
GHSA-2x79-gwq3-vxxm was published for iodine (RubyGems) Apr 14, 2026
michaelknap Credited to michaelknap
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability High
CVE-2026-33116 was published for System.Security.Cryptography.Xml (NuGet) Apr 14, 2026
DylanW01 Credited to DylanW01, briandesarmo, and nicky-dilemmagroep briandesarmo briandesarmo
nicky-dilemmagroep nicky-dilemmagroep
XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion High
CVE-2026-32287 was published for github.com/antchfx/xpath (Go) Mar 29, 2026
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input High
CVE-2026-33891 was published for node-forge (npm) Mar 26, 2026
Kr0emer Credited to Kr0emer
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream Moderate
CVE-2026-33699 was published for pypdf (pip) Mar 25, 2026
kejcao Credited to kejcao and stefan6419846 stefan6419846 stefan6419846
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs High
CVE-2026-4598 was published for jsrsasign (npm) Mar 23, 2026
Denial of service via non-terminating SYLT frame parsing loop in tinytag Moderate
CVE-2026-32889 was published for tinytag (pip) Mar 19, 2026
kq5y Credited to kq5y
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
music-metadata has an infinite loop vulnerability in ASF parser High
CVE-2026-32256 was published for music-metadata (npm) Mar 17, 2026
ByamB4 Credited to ByamB4
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices High
CVE-2026-33013 was published for io.micronaut:micronaut-json-core (Maven) Mar 17, 2026
shblue21 Credited to shblue21
file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header Moderate
CVE-2026-31808 was published for file-type (npm) Mar 10, 2026
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams Low
CVE-2026-27628 was published for pypdf (pip) Feb 25, 2026
rampageservices Credited to rampageservices
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent` Moderate
CVE-2026-26283 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
bn.js affected by an infinite loop Moderate
CVE-2026-2739 was published for bn.js (npm) Feb 20, 2026
richardsimko Credited to richardsimko and jochenschmich-aeberle jochenschmich-aeberle jochenschmich-aeberle
pypdf has a possible infinite loop when processing TreeObject Moderate
CVE-2026-27024 was published for pypdf (pip) Feb 18, 2026
CheonWoong-Park Credited to CheonWoong-Park and stefan6419846 stefan6419846 stefan6419846
Sandbox escape via infinite recursion and error objects Moderate
CVE-2026-25533 was published for @enclave-vm/core (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu and frontegg-david frontegg-david frontegg-david
jsonrpc4j has Infinite Loop in RPC Stream Writer Moderate
CVE-2026-24802 was published for com.github.briandilley.jsonrpc4j:jsonrpc4j (Maven) Jan 27, 2026
pypdf has possible Infinite Loop when processing outlines/bookmarks Moderate
CVE-2026-24688 was published for pypdf (pip) Jan 26, 2026
JoakimBulow Credited to JoakimBulow and stefan6419846 stefan6419846 stefan6419846
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript Moderate
CVE-2026-23874 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas Credited to OwenSanzas
AIOHTTP vulnerable to DoS when bypassing asserts Moderate
CVE-2025-69227 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma Credited to ThomasRinsma, Dreamsorcerer, and bdraco Dreamsorcerer Dreamsorcerer
bdraco bdraco
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg Credited to AlexRomberg
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint Moderate
CVE-2025-48879 was published for OctoPrint (pip) Jun 10, 2025
jacopotediosi Credited to jacopotediosi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database