GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Reviewed advisories by ecosystem at the time of this listing: all reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35. Unreviewed advisories: 5,000+.
93 advisories match the current filter; the 25 listed on this page are all rated High severity and all affect Maven packages.
Advisory | Severity | CVE | Package (ecosystem) | Published
Unrestricted recursion in htmlunit | High | CVE-2023-2798 | org.htmlunit:htmlunit (Maven) | May 25, 2023
Spring Framework vulnerable to denial of service | High | CVE-2023-20863 | org.springframework:spring-expression (Maven) | Apr 13, 2023
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) | High | CVE-2023-26464 | org.apache.logging.log4j:log4j-core (Maven) | Mar 10, 2023
lite-server vulnerable to Denial of Service | High | CVE-2022-25940 | lite-server (Maven) | Dec 20, 2022
HuTool vulnerable to Uncontrolled Resource Consumption | High | CVE-2022-4565 | cn.hutool:hutool-core (Maven) | Dec 16, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption | High | CVE-2022-3510 | com.google.protobuf:protobuf-java (Maven) | Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption | High | CVE-2022-3509 | com.google.protobuf:protobuf-java (Maven) | Dec 12, 2022
Creation of new database tables through login form on PostgreSQL | High | CVE-2022-41932 | org.xwiki.platform:xwiki-platform-oldcore (Maven) | Nov 21, 2022
Apache IoTDB subject to ReDoS with Java 8 | High | CVE-2022-43766 | apache-iotdb (Maven) | Oct 26, 2022
Uncontrolled Resource Consumption in FasterXML jackson-databind | High | CVE-2022-42004 | com.fasterxml.jackson.core:jackson-databind (Maven) | Oct 3, 2022
Uncontrolled Resource Consumption in jackson-databind | High | CVE-2022-42003 | com.fasterxml.jackson.core:jackson-databind (Maven) | Oct 3, 2022
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service | High | CVE-2022-34917 | org.apache.kafka:kafka (Maven) | Sep 21, 2022
Jettison memory exhaustion | High | CVE-2022-40150 | org.codehaus.jettison:jettison (Maven) | Sep 17, 2022
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources | High | CVE-2022-37734 | com.graphql-java:graphql-java (Maven) | Sep 13, 2022
Uncontrolled Resource Consumption in snakeyaml | High | CVE-2022-25857 | org.yaml:snakeyaml (Maven) | Aug 31, 2022
Undertow vulnerable to DoS via large AJP request | High | CVE-2022-2053 | io.undertow:undertow-core (Maven) | Aug 6, 2022
Undertow vulnerable to Denial of Service (DoS) attacks | High | CVE-2021-3859 | io.undertow:undertow-core (Maven) | Jul 15, 2022
Undertow vulnerable to memory exhaustion due to buffer leak | High | CVE-2021-3690 | io.undertow:undertow-core (Maven) | Jul 15, 2022
Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking | High | CVE-2022-31781 | org.apache.tapestry:tapestry-core (Maven) | Jul 14, 2022
Jetty vulnerable to invalid HTTP/2 requests that can lead to denial of service | High | CVE-2022-2048 | org.eclipse.jetty.http2:http2-server (Maven) | Jul 7, 2022
SystemDS CPU exhaustion vulnerability | High | CVE-2022-26477 | org.apache.systemds:systemds (Maven) | Jun 28, 2022
Denial of service binding form from JSON in Play Framework | High | CVE-2022-31018 | com.typesafe.play:play_2.12 (Maven) | Jun 3, 2022
Undertow Uncontrolled Resource Consumption | High | CVE-2021-3629 | io.undertow:undertow-core (Maven) | May 25, 2022
Undertow vulnerable to Uncontrolled Resource Consumption | High | CVE-2019-14888 | io.undertow:undertow-core (Maven) | May 24, 2022
Ignite Realtime Openfire vulnerable to XMPP bomb attack | High | CVE-2014-2741 | org.igniterealtime.openfire:parent (Maven) | May 17, 2022
Advisories are also available from the GraphQL API.