Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

694 advisories

Loading
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation... Moderate Unreviewed
CVE-2026-39934 was published Apr 8, 2026
A flaw was identified in the RAR5 archive decompression logic of the libarchive library,... High Unreviewed
CVE-2026-4111 was published Mar 13, 2026
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices High
CVE-2026-33013 was published for io.micronaut:micronaut-json-core (Maven) Mar 17, 2026
shblue21 Credited to shblue21
XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion High
CVE-2026-32287 was published for github.com/antchfx/xpath (Go) Mar 29, 2026
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs High
CVE-2026-4598 was published for jsrsasign (npm) Mar 23, 2026
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input High
CVE-2026-33891 was published for node-forge (npm) Mar 26, 2026
Kr0emer Credited to Kr0emer
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream Moderate
CVE-2026-33699 was published for pypdf (pip) Mar 25, 2026
kejcao Credited to kejcao and stefan6419846 stefan6419846 stefan6419846
Denial of service via non-terminating SYLT frame parsing loop in tinytag Moderate
CVE-2026-32889 was published for tinytag (pip) Mar 19, 2026
kq5y Credited to kq5y
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Moderate
CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd Credited to oscerd and anonymous-nlp-student anonymous-nlp-student anonymous-nlp-student
music-metadata has an infinite loop vulnerability in ASF parser High
CVE-2026-32256 was published for music-metadata (npm) Mar 17, 2026
ByamB4 Credited to ByamB4
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop... Moderate Unreviewed
CVE-2026-23220 was published Feb 18, 2026
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb:... Moderate Unreviewed
CVE-2026-23082 was published Feb 4, 2026
In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip... Moderate Unreviewed
CVE-2026-23109 was published Feb 4, 2026
libexpat before 2.7.5 allows an infinite loop while parsing DTD content. Moderate Unreviewed
CVE-2026-32777 was published Mar 16, 2026
file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header Moderate
CVE-2026-31808 was published for file-type (npm) Mar 10, 2026
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a... Moderate Unreviewed
CVE-2025-69647 was published Mar 9, 2026
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a... Moderate Unreviewed
CVE-2025-69648 was published Mar 9, 2026
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does... High Unreviewed
CVE-2026-2219 was published Mar 7, 2026
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could... Moderate Unreviewed
CVE-2026-20054 was published Mar 4, 2026
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams Low
CVE-2026-27628 was published for pypdf (pip) Feb 25, 2026
rampageservices Credited to rampageservices
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama-index-core (pip) Mar 20, 2025
fossilet Credited to fossilet
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent` Moderate
CVE-2026-26283 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
bn.js affected by an infinite loop Moderate
CVE-2026-2739 was published for bn.js (npm) Feb 20, 2026
richardsimko Credited to richardsimko and jochenschmich-aeberle jochenschmich-aeberle jochenschmich-aeberle
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database