GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate
CVE-2024-29133
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
JLine vulnerable to out of memory error
Moderate
CVE-2023-50572
was published
for
org.jline:jline-parent
(Maven)
Dec 29, 2023
json-path Out-of-bounds Write vulnerability
Moderate
CVE-2023-51074
was published
for
com.jayway.jsonpath:json-path
(Maven)
Dec 27, 2023
Elasticsearch vulnerable to stack overflow in the search API
Moderate
CVE-2023-31419
was published
for
org.elasticsearch:elasticsearch
(Maven)
Oct 26, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Moderate
CVE-2023-46136
was published
for
werkzeug
(pip)
Oct 25, 2023
Jettison parser crash by stackoverflow
Moderate
GHSA-xqcq-j8w9-3pxv
was published
for
com.tencyle.fixes:org.codehaus.jettison--jettison
(Maven)
Aug 1, 2023
janino vulnerable to denial of service due to stack overflow
Moderate
CVE-2023-33546
was published
for
org.codehaus.janino:janino-parent
(Maven)
Jun 1, 2023
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
Moderate
CVE-2023-32981
was published
for
org.jenkins-ci.plugins:pipeline-utility-steps
(Maven)
May 16, 2023
XWiki Platform subject to Uncontrolled Resource Consumption
Moderate
CVE-2023-26470
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Mar 3, 2023
Apiman Manager API affected by Jackson denial of service vulnerability
Moderate
GHSA-q95j-488q-5q3p
was published
for
io.apiman:apiman-manager-api-impl
(Maven)
Jan 9, 2023
Snakeyaml vulnerable to Stack overflow leading to denial of service
Moderate
CVE-2022-41854
was published
for
org.yaml:snakeyaml
(Maven)
Nov 11, 2022
Wasmtime out of bounds read/write with zero-memory-pages configuration
Moderate
CVE-2022-39392
was published
for
wasmtime
(Rust)
Nov 10, 2022
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40160
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40159
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40161
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40157
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40158
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
Jettison parser crash by stackoverflow
Moderate
CVE-2022-40149
was published
for
org.codehaus.jettison:jettison
(Maven)
Sep 17, 2022
LIEF vulnerable to heap based buffer overflow
Moderate
CVE-2022-38306
was published
for
lief
(pip)
Sep 14, 2022
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write
Moderate
CVE-2022-38752
was published
for
org.yaml:snakeyaml
(Maven)
Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Moderate
CVE-2022-38751
was published
for
org.yaml:snakeyaml
(Maven)
Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Moderate
CVE-2022-38749
was published
for
be.cylab:snakeyaml
(Maven)
Sep 6, 2022
ProTip!
Advisories are also available from the
GraphQL API