GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2024-38286
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Nov 7, 2024
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
High
CVE-2024-40094
was published
for
com.graphql-java:graphql-java
(Maven)
Jul 30, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT
High
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
Liferay Portal denial of service (memory consumption)
High
CVE-2024-25143
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 7, 2024
Ion Java StackOverflow vulnerability
High
CVE-2024-21634
was published
for
com.amazon.ion:ion-java
(Maven)
Jan 3, 2024
Allocation of Resources Without Limits in Keycloak
High
CVE-2023-6563
was published
for
org.keycloak:keycloak-model-jpa
(Maven)
Dec 14, 2023
Duplicate Advisory: Denial of Service in JSON-Java
High
GHSA-rm7j-f5g5-27vv
was published
for
org.json:json
(Maven)
Oct 12, 2023
•
withdrawn
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
High
CVE-2023-43642
was published
for
org.xerial.snappy:snappy-java
(Maven)
Sep 25, 2023
snappy-java's unchecked chunk length leads to DoS
High
CVE-2023-34455
was published
for
org.xerial.snappy:snappy-java
(Maven)
Jun 15, 2023
Apache Struts vulnerable to memory exhaustion
High
CVE-2023-34396
was published
for
org.apache.struts:struts2-core
(Maven)
Jun 14, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
GraphQL Java vulnerable to stack consumption
High
CVE-2023-28867
was published
for
com.graphql-java:graphql-java
(Maven)
Mar 27, 2023
Denial of service in Jenkins Core
High
CVE-2023-27901
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Creation of new database tables through login form on PostgreSQL
High
CVE-2022-41932
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 21, 2022
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
High
CVE-2022-34917
was published
for
org.apache.kafka:kafka
(Maven)
Sep 21, 2022
Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
High
CVE-2022-25897
was published
for
org.eclipse.milo:sdk-server
(Maven)
Sep 15, 2022
XNIO `notifyReadClosed` method logging message to unexpected end
High
CVE-2022-0084
was published
for
org.jboss.xnio:xnio-all
(Maven)
Aug 27, 2022
Denial of Service in Spring Cloud Function
High
CVE-2022-22979
was published
for
org.springframework.cloud:spring-cloud-function-parent
(Maven)
Jun 22, 2022
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload
High
CVE-2017-13763
was published
for
org.onosproject:onos-base
(Maven)
May 13, 2022
Denial of service in Spring Framework
High
CVE-2022-22970
was published
for
org.springframework:spring-beans
(Maven)
May 13, 2022
Allocation of Resources Without Limits or Throttling in Keycloak
High
CVE-2020-10758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
High
CVE-2022-23913
was published
for
org.apache.activemq:artemis-core-client
(Maven)
Feb 6, 2022
ReDOS in Vfsjfilechooser2
High
CVE-2021-29061
was published
for
com.github.fracpete:vfsjfilechooser2
(Maven)
Jan 6, 2022
Denial of Service (DoS) in Jackson Dataformat CBOR
High
CVE-2020-28491
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor
(Maven)
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API