Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,793
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,004
NuGet
720
pip
3,803
Pub
12
RubyGems
927
Rust
985
Swift
38
Unreviewed advisories
All unreviewed
5,000+

109 advisories

Loading
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko reva
YukiInu fnxpt schmidt-fu tolmaidis LukaszGrzesik
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session High
CVE-2025-3526 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Jun 16, 2025
Liferay Portal does not limit the depth of a GraphQL queries High
CVE-2025-3602 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Jun 16, 2025
Undertow Uncontrolled Resource Consumption High
CVE-2021-3629 was published for io.undertow:undertow-core (Maven) May 25, 2022
nhakmiller
org.ini4j allows attackers to cause a Denial of Service (DoS) High
CVE-2022-41404 was published for org.ini4j:ini4j (Maven) Oct 12, 2022
cx-eilon-cohen
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit High
CVE-2025-1948 was published for org.eclipse.jetty.http2:jetty-http2-common (Maven) May 8, 2025
bjorncs
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Ignite Realtime Openfire vulnerable to XMPPbomb attack High
CVE-2014-2741 was published for org.igniterealtime.openfire:parent (Maven) May 17, 2022
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
fawind jamiejackson
Apache CXF: Denial of Service vulnerability with temporary files High
CVE-2025-23184 was published for org.apache.cxf:cxf-core (Maven) Jan 21, 2025
Apache James vulnerable to denial of service through JMAP HTML to text conversion High
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
htmlcleaner vulnerable to stack exhaustion High
CVE-2023-34624 was published for net.sourceforge.htmlcleaner:htmlcleaner (Maven) Jun 14, 2023
onmyquest
jsonij vulnerable to stack exhaustion High
CVE-2023-34614 was published for cc.plural:jsonij (Maven) Jun 14, 2023
sojo vulnerable to stack exhaustion High
CVE-2023-34613 was published for net.sf.sojo:sojo (Maven) Jun 14, 2023
ph-json vulnerable to stack exhaustion High
CVE-2023-34612 was published for com.helger.commons:ph-json (Maven) Jun 14, 2023
json-io vulnerable to stack exhaustion High
CVE-2023-34610 was published for com.cedarsoftware:json-io (Maven) Jun 14, 2023
aantonel-sysdig
pbjson vulnerable to stack exhaustion High
CVE-2023-34616 was published for com.progsbase.libraries:JSON (Maven) Jun 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database