GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
97 advisories
Filter by severity
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
High
CVE-2024-47554
was published
for
commons-io:commons-io
(Maven)
Oct 3, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162
was published
for
io.undertow:undertow-core
(Maven)
Jun 20, 2024
XNIO denial of service vulnerability
High
CVE-2023-5685
was published
for
org.jboss.xnio:xnio-api
(Maven)
Mar 22, 2024
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
High
GHSA-mmwx-rj87-vfgr
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
json-io vulnerable to stack exhaustion
High
CVE-2023-34610
was published
for
com.cedarsoftware:json-io
(Maven)
Jun 14, 2023
Denial of Service in Connect2id Nimbus JOSE+JWT
High
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
SystemDS CPU exhaustion vulnerability
High
CVE-2022-26477
was published
for
org.apache.systemds:systemds
(Maven)
Jun 28, 2022
Liferay Portal denial of service (memory consumption)
High
CVE-2024-25143
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 7, 2024
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High
CVE-2023-26464
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Mar 10, 2023
Undertow Uncontrolled Resource Consumption Vulnerability
High
CVE-2024-1635
was published
for
io.undertow:undertow-core
(Maven)
Feb 20, 2024
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Apache IoTDB subject to ReDOS with Java 8
High
CVE-2022-43766
was published
for
apache-iotdb
(Maven)
Oct 26, 2022
Soot Infinite Loop vulnerability
High
CVE-2023-46442
was published
for
org.soot-oss:soot
(Maven)
May 24, 2024
Apache Tomcat - Denial of Service
High
CVE-2024-34750
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 3, 2024
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
htmlcleaner vulnerable to stack exhaustion
High
CVE-2023-34624
was published
for
net.sourceforge.htmlcleaner:htmlcleaner
(Maven)
Jun 14, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
High
CVE-2020-36320
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
High
CVE-2022-34917
was published
for
org.apache.kafka:kafka
(Maven)
Sep 21, 2022
Undertow vulnerable to denial of service
High
CVE-2023-3223
was published
for
io.undertow:undertow-parent
(Maven)
Sep 27, 2023
Connection leaking on idle timeout when TCP congested
High
CVE-2024-22201
was published
for
org.eclipse.jetty.http2:http2-common
(Maven)
Feb 26, 2024
Uncontrolled Resource Consumption in snakeyaml
High
CVE-2022-25857
was published
for
org.yaml:snakeyaml
(Maven)
Aug 31, 2022
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
High
CVE-2022-29885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2020-11996
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API