Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service High
CVE-2024-40094 was published for com.graphql-java:graphql-java (Maven) Jul 30, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Allocation of Resources Without Limits in Keycloak High
CVE-2023-6563 was published for org.keycloak:keycloak-model-jpa (Maven) Dec 14, 2023
Duplicate Advisory: Denial of Service in JSON-Java High
GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) Oct 12, 2023 withdrawn
Astralidea
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact High
CVE-2023-43642 was published for org.xerial.snappy:snappy-java (Maven) Sep 25, 2023
mkcops janjwerner-confluent
flabbergastedbd
snappy-java's unchecked chunk length leads to DoS High
CVE-2023-34455 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
Apache Struts vulnerable to memory exhaustion High
CVE-2023-34396 was published for org.apache.struts:struts2-core (Maven) Jun 14, 2023
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
GraphQL Java vulnerable to stack consumption High
CVE-2023-28867 was published for com.graphql-java:graphql-java (Maven) Mar 27, 2023
Denial of service in Jenkins Core High
CVE-2023-27901 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Creation of new database tables through login form on PostgreSQL High
CVE-2022-41932 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service High
CVE-2022-34917 was published for org.apache.kafka:kafka (Maven) Sep 21, 2022
jkmartindale
Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service) High
CVE-2022-25897 was published for org.eclipse.milo:sdk-server (Maven) Sep 15, 2022
SharonBrizinov
XNIO `notifyReadClosed` method logging message to unexpected end High
CVE-2022-0084 was published for org.jboss.xnio:xnio-all (Maven) Aug 27, 2022
Denial of Service in Spring Cloud Function High
CVE-2022-22979 was published for org.springframework.cloud:spring-cloud-function-parent (Maven) Jun 22, 2022
ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload High
CVE-2017-13763 was published for org.onosproject:onos-base (Maven) May 13, 2022
Denial of service in Spring Framework High
CVE-2022-22970 was published for org.springframework:spring-beans (Maven) May 13, 2022
amita-seal sunSUNQ
Allocation of Resources Without Limits or Throttling in Keycloak High
CVE-2020-10758 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) High
CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven) Feb 6, 2022
ReDOS in Vfsjfilechooser2 High
CVE-2021-29061 was published for com.github.fracpete:vfsjfilechooser2 (Maven) Jan 6, 2022
Denial of Service (DoS) in Jackson Dataformat CBOR High
CVE-2020-28491 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-cbor (Maven) Dec 9, 2021
DmitriyLewen
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35517 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database