GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Vertx gRPC server does not limit the maximum message size
Moderate
CVE-2024-8391
was published
for
io.vertx:vertx-grpc-client
(Maven)
Sep 4, 2024
Spring Framework vulnerable to Denial of Service
Moderate
CVE-2024-38808
was published
for
org.springframework:spring-expression
(Maven)
Aug 20, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Moderate
GHSA-crjg-w57m-rqqf
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
CrateDB has a Client initialized Session-Renegotiation DoS
Moderate
CVE-2024-37309
was published
for
io.crate:crate
(Maven)
Jun 13, 2024
Wildfly vulnerable to denial of service
Moderate
CVE-2024-4029
was published
for
org.wildfly:wildfly-domain-http
(Maven)
May 2, 2024
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
Liferay Portal vulnerable to Denial of Service
Moderate
CVE-2024-26265
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 20, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Moderate
CVE-2023-25822
was published
for
com.epam.reportportal:service-api
(Maven)
Oct 10, 2023
netty-handler SniHandler 16MB allocation
Moderate
CVE-2023-34462
was published
for
io.netty:netty-handler
(Maven)
Jun 20, 2023
Apache Struts vulnerable to memory exhaustion
Moderate
CVE-2023-34149
was published
for
org.apache.struts:struts2-core
(Maven)
Jun 14, 2023
OutOfMemoryError for large multipart without filename in Eclipse Jetty
Moderate
CVE-2023-26048
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 19, 2023
Denial of service in Jenkins Core
Moderate
CVE-2023-27900
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Excessive memory allocation in graph URLs leads to denial of service in Jenkins
Moderate
CVE-2021-21607
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Apache Tika vulnerable to uncontrolled memory consumption
Moderate
CVE-2022-25169
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22971
was published
for
org.springframework:spring-messaging
(Maven)
May 13, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22950
was published
for
org.springframework:spring-expression
(Maven)
Apr 3, 2022
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
Moderate
CVE-2022-26336
was published
for
org.apache.poi:poi-scratchpad
(Maven)
Mar 5, 2022
Allocation of Resources Without Limits or Throttling in metadata-extractor
Moderate
CVE-2022-24614
was published
for
com.drewnoakes:metadata-extractor
(Maven)
Feb 25, 2022
Allocation of Resources Without Limits or Throttling in iText
Moderate
CVE-2022-24196
was published
for
com.itextpdf:itext7-core
(Maven)
Feb 2, 2022
Uncontrolled memory consumption
Moderate
CVE-2021-31811
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jun 15, 2021
Denial of Service in Google Guava
Moderate
CVE-2018-10237
was published
for
com.google.guava:guava
(Maven)
Jun 15, 2020
Potential DOS attack due to unrestricted attachment count in messages
Moderate
CVE-2019-12406
was published
for
org.apache.cxf:apache-cxf
(Maven)
Nov 8, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
Moderate
CVE-2019-10093
was published
for
org.apache.tika:tika-parsers
(Maven)
Aug 6, 2019
ProTip!
Advisories are also available from the
GraphQL API