Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

Loading
Uncontrolled memory consumption Moderate
CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) Jun 15, 2021
Apache Tika vulnerable to uncontrolled memory consumption Moderate
CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022
Allocation of Resources Without Limits or Throttling in Apache Tika Moderate
CVE-2019-10093 was published for org.apache.tika:tika-parsers (Maven) Aug 6, 2019
Potential DOS attack due to unrestricted attachment count in messages Moderate
CVE-2019-12406 was published for org.apache.cxf:apache-cxf (Maven) Nov 8, 2019
Allocation of Resources Without Limits or Throttling in iText Moderate
CVE-2022-24196 was published for com.itextpdf:itext7-core (Maven) Feb 2, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework Moderate
CVE-2022-22950 was published for org.springframework:spring-expression (Maven) Apr 3, 2022
J3rry-1729 briandealwis
OutOfMemoryError for large multipart without filename in Eclipse Jetty Moderate
CVE-2023-26048 was published for org.eclipse.jetty:jetty-server (Maven) Apr 19, 2023
lachlan-roberts jeffalder
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal Moderate
CVE-2023-25822 was published for com.epam.reportportal:service-api (Maven) Oct 10, 2023
Denial of Service in Google Guava Moderate
CVE-2018-10237 was published for com.google.guava:guava (Maven) Jun 15, 2020
Apache Struts vulnerable to memory exhaustion Moderate
CVE-2023-34149 was published for org.apache.struts:struts2-core (Maven) Jun 14, 2023
Excessive memory allocation in graph URLs leads to denial of service in Jenkins Moderate
CVE-2021-21607 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Denial of service in Jenkins Core Moderate
CVE-2023-27900 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Allocation of Resources Without Limits or Throttling in Spring Framework Moderate
CVE-2022-22971 was published for org.springframework:spring-messaging (Maven) May 13, 2022
amita-seal sunSUNQ
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad Moderate
CVE-2022-26336 was published for org.apache.poi:poi-scratchpad (Maven) Mar 5, 2022
SunBK201
Netty's HttpPostRequestDecoder can OOM Moderate
CVE-2024-29025 was published for io.netty:netty-codec-http (Maven) Mar 25, 2024
vietj
CrateDB has a Client initialized Session-Renegotiation DoS Moderate
CVE-2024-37309 was published for io.crate:crate (Maven) Jun 13, 2024
BaurzhanSakhariev
netty-handler SniHandler 16MB allocation Moderate
CVE-2023-34462 was published for io.netty:netty-handler (Maven) Jun 20, 2023
vietj
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
Allocation of Resources Without Limits or Throttling in metadata-extractor Moderate
CVE-2022-24614 was published for com.drewnoakes:metadata-extractor (Maven) Feb 25, 2022
cpropps-sysdig
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Moderate
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd astashys
Vertx gRPC server does not limit the maximum message size Moderate
CVE-2024-8391 was published for io.vertx:vertx-grpc-client (Maven) Sep 4, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks Moderate
GHSA-crjg-w57m-rqqf was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov amita-seal
Liferay Portal vulnerable to Denial of Service Moderate
CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Wildfly vulnerable to denial of service Moderate
CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) May 2, 2024
ProTip! Advisories are also available from the GraphQL API