Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,489
Maven
5,000+
npm
5,000+
NuGet
892
pip
4,745
Pub
13
RubyGems
1,033
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices High
CVE-2026-33013 was published for io.micronaut:micronaut-json-core (Maven) Mar 17, 2026
shblue21 Credited to shblue21
XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion High
CVE-2026-32287 was published for github.com/antchfx/xpath (Go) Mar 29, 2026
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs High
CVE-2026-4598 was published for jsrsasign (npm) Mar 23, 2026
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input High
CVE-2026-33891 was published for node-forge (npm) Mar 26, 2026
Kr0emer Credited to Kr0emer
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream Moderate
CVE-2026-33699 was published for pypdf (pip) Mar 25, 2026
kejcao Credited to kejcao and stefan6419846 stefan6419846 stefan6419846
Denial of service via non-terminating SYLT frame parsing loop in tinytag Moderate
CVE-2026-32889 was published for tinytag (pip) Mar 19, 2026
kq5y Credited to kq5y
UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop High
CVE-2026-32875 was published for ujson (pip) Mar 18, 2026
vmfunc Credited to vmfunc and bwoodsend bwoodsend bwoodsend
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Moderate
CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd Credited to oscerd and anonymous-nlp-student anonymous-nlp-student anonymous-nlp-student
music-metadata has an infinite loop vulnerability in ASF parser High
CVE-2026-32256 was published for music-metadata (npm) Mar 17, 2026
ByamB4 Credited to ByamB4
file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header Moderate
CVE-2026-31808 was published for file-type (npm) Mar 10, 2026
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams Low
CVE-2026-27628 was published for pypdf (pip) Feb 25, 2026
rampageservices Credited to rampageservices
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama-index-core (pip) Mar 20, 2025
fossilet Credited to fossilet
ImageMagick has a possible infinite loop in its JPEG encoder when using `jpeg:extent` Moderate
CVE-2026-26283 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile Moderate
CVE-2026-26066 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
ylwango613 Credited to ylwango613
bn.js affected by an infinite loop Moderate
CVE-2026-2739 was published for bn.js (npm) Feb 20, 2026
richardsimko Credited to richardsimko and jochenschmich-aeberle jochenschmich-aeberle jochenschmich-aeberle
pypdf has a possible infinite loop when processing TreeObject Moderate
CVE-2026-27024 was published for pypdf (pip) Feb 18, 2026
CheonWoong-Park Credited to CheonWoong-Park and stefan6419846 stefan6419846 stefan6419846
Sandbox escape via infinite recursion and error objects Moderate
CVE-2026-25533 was published for @enclave-vm/core (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu and frontegg-david frontegg-david frontegg-david
pypdf has possible Infinite Loop when processing outlines/bookmarks Moderate
CVE-2026-24688 was published for pypdf (pip) Jan 26, 2026
JoakimBulow Credited to JoakimBulow and stefan6419846 stefan6419846 stefan6419846
jsonrpc4j has Infinite Loop in RPC Stream Writer Moderate
CVE-2026-24802 was published for com.github.briandilley.jsonrpc4j:jsonrpc4j (Maven) Jan 27, 2026
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript Moderate
CVE-2026-23874 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas Credited to OwenSanzas
AIOHTTP vulnerable to DoS when bypassing asserts Moderate
CVE-2025-69227 was published for aiohttp (pip) Jan 5, 2026
ThomasRinsma Credited to ThomasRinsma, Dreamsorcerer, and bdraco Dreamsorcerer Dreamsorcerer
bdraco bdraco
Predictable results in nanoid generation when given non-integer values Moderate
CVE-2024-55565 was published for nanoid (npm) Dec 9, 2024
krassowski Credited to krassowski, katzj, and CrzyHAX91 katzj katzj
CrzyHAX91 CrzyHAX91
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests High
CVE-2024-30251 was published for aiohttp (pip) May 3, 2024
bytehope Credited to bytehope and Dreamsorcerer Dreamsorcerer Dreamsorcerer
FastChat Uncontrolled Resource Consumption vulnerability High
CVE-2024-10907 was published for fschat (pip) Mar 20, 2025
DB-GPT Uncontrolled Resource Consumption vulnerability High
CVE-2024-10829 was published for dbgpt (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database