
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

98 advisories

Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
htmlcleaner vulnerable to stack exhaustion High
CVE-2023-34624 was published for net.sourceforge.htmlcleaner:htmlcleaner (Maven) Jun 14, 2023
onmyquest
jsonij vulnerable to stack exhaustion High
CVE-2023-34614 was published for cc.plural:jsonij (Maven) Jun 14, 2023
sojo vulnerable to stack exhaustion High
CVE-2023-34613 was published for net.sf.sojo:sojo (Maven) Jun 14, 2023
ph-json vulnerable to stack exhaustion High
CVE-2023-34612 was published for com.helger.commons:ph-json (Maven) Jun 14, 2023
json-io vulnerable to stack exhaustion High
CVE-2023-34610 was published for com.cedarsoftware:json-io (Maven) Jun 14, 2023
aantonel-sysdig
pbjson vulnerable to stack exhaustion High
CVE-2023-34616 was published for com.progsbase.libraries:JSON (Maven) Jun 14, 2023
JSONUtil vulnerable to stack exhaustion High
CVE-2023-34615 was published for net.pwall.json:jsonutil (Maven) Jun 14, 2023
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
fawind
XNIO denial of service vulnerability High
CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024
grosario1
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources High
GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov amita-seal
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
SystemDS CPU exhaustion vulnerability High
CVE-2022-26477 was published for org.apache.systemds:systemds (Maven) Jun 28, 2022
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for org.apache.logging.log4j:log4j-core (Maven) Mar 10, 2023
jw123023
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
Apache IoTDB subject to ReDOS with Java 8 High
CVE-2022-43766 was published for apache-iotdb (Maven) Oct 26, 2022
Soot Infinite Loop vulnerability High
CVE-2023-46442 was published for org.soot-oss:soot (Maven) May 24, 2024
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 High
CVE-2020-36320 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
SunBK201
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service High
CVE-2022-34917 was published for org.apache.kafka:kafka (Maven) Sep 21, 2022
jkmartindale