GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2014-0230
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption
High
CVE-2017-7684
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 13, 2022
Red Hat Wildfly DoS
High
CVE-2016-9589
was published
for
org.wildfly:wildfly-undertow
(Maven)
May 13, 2022
Command Injection in VIVO Vitro
High
CVE-2019-6986
was published
for
org.vivoweb:vitro-project
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Artemis and HornetQ
High
CVE-2017-12174
was published
for
org.apache.activemq:artemis-native
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache ZooKeeper
High
CVE-2017-5637
was published
for
org.apache.zookeeper:zookeeper
(Maven)
May 13, 2022
Apache Geronimo Hash Collisions Cause DoS
High
CVE-2011-5034
was published
for
org.apache.geronimo:geronimo
(Maven)
May 13, 2022
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
High
CVE-2022-29885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
High
CVE-2022-29546
was published
for
net.sourceforge.htmlunit:neko-htmlunit
(Maven)
Apr 26, 2022
Uncontrolled Resource Consumption in Apache DolphinScheduler
High
CVE-2022-25598
was published
for
apache-dolphinscheduler
(Maven)
Mar 31, 2022
RESTEasy 4.5.5.Final in hash flooding
High
CVE-2020-14326
was published
for
org.jboss.resteasy:resteasy-bom
(Maven)
Mar 18, 2022
Uncontrolled Resource Consumption in jboss-remoting
High
CVE-2020-35510
was published
for
org.jboss.remoting:jboss-remoting
(Maven)
Mar 18, 2022
Denial of service in Apache OpenMeetings
High
CVE-2020-13951
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Feb 10, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2020-11996
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
Denial of service in Undertow
High
CVE-2020-27782
was published
for
io.undertow:undertow-core
(Maven)
Feb 9, 2022
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
High
CVE-2022-23913
was published
for
org.apache.activemq:artemis-core-client
(Maven)
Feb 6, 2022
Denial of Service by injecting highly recursive collections or maps in XStream
High
CVE-2021-43859
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Feb 1, 2022
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
High
CVE-2022-23596
was published
for
com.github.junrar:junrar
(Maven)
Feb 1, 2022
Infinite loop in Apache CFX
High
CVE-2021-30468
was published
for
org.apache.cxf:apache-cxf
(Maven)
Jan 6, 2022
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
High
CVE-2021-37137
was published
for
io.netty:netty
(Maven)
Sep 9, 2021
Bzip2Decoder doesn't allow setting size restrictions for decompressed data
High
CVE-2021-37136
was published
for
io.netty:netty
(Maven)
Sep 9, 2021
Resource Exhaustion in Spring Security
High
CVE-2021-22119
was published
for
org.springframework.security:spring-security-core
(Maven)
Jul 2, 2021
Uncontrolled Resource Consumption in Apache OpenMeetings server
High
CVE-2021-27576
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Jun 16, 2021
Authorization service vulnerable to DDos attacks in Apache CFX
High
CVE-2021-22696
was published
for
org.apache.cxf:apache-cxf
(Maven)
May 13, 2021
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
High
CVE-2021-31409
was published
for
com.vaadin:vaadin-compatibility-server
(Maven)
May 4, 2021
ProTip!
Advisories are also available from the
GraphQL API