Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree Moderate
CVE-2024-29133 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() Moderate
CVE-2024-29131 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access Moderate
CVE-2023-50711 was published for vmm-sys-util (Rust) Jan 2, 2024
bchalios
JLine vulnerable to out of memory error Moderate
CVE-2023-50572 was published for org.jline:jline-parent (Maven) Dec 29, 2023
json-path Out-of-bounds Write vulnerability Moderate
CVE-2023-51074 was published for com.jayway.jsonpath:json-path (Maven) Dec 27, 2023
phrabec SunBK201
Elasticsearch vulnerable to stack overflow in the search API Moderate
CVE-2023-31419 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning Moderate
CVE-2023-46136 was published for werkzeug (pip) Oct 25, 2023
psrok1 davidism
Jettison parser crash by stackoverflow Moderate
GHSA-xqcq-j8w9-3pxv was published for com.tencyle.fixes:org.codehaus.jettison--jettison (Maven) Aug 1, 2023
janino vulnerable to denial of service due to stack overflow Moderate
CVE-2023-33546 was published for org.codehaus.janino:janino-parent (Maven) Jun 1, 2023
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability Moderate
CVE-2023-32981 was published for org.jenkins-ci.plugins:pipeline-utility-steps (Maven) May 16, 2023
XWiki Platform subject to Uncontrolled Resource Consumption Moderate
CVE-2023-26470 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Mar 3, 2023
Apiman Manager API affected by Jackson denial of service vulnerability Moderate
GHSA-q95j-488q-5q3p was published for io.apiman:apiman-manager-api-impl (Maven) Jan 9, 2023
Snakeyaml vulnerable to Stack overflow leading to denial of service Moderate
CVE-2022-41854 was published for org.yaml:snakeyaml (Maven) Nov 11, 2022
peter-janssen p3pijn
atul-exabeam fabien-chebel sfblackl-intel
Wasmtime out of bounds read/write with zero-memory-pages configuration Moderate
CVE-2022-39392 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
JXPath Out-of-bounds Write vulnerability Moderate
CVE-2022-40160 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
JXPath Out-of-bounds Write vulnerability Moderate
CVE-2022-40159 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
JXPath Out-of-bounds Write vulnerability Moderate
CVE-2022-40161 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
JXPath Out-of-bounds Write vulnerability Moderate
CVE-2022-40157 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
JXPath Out-of-bounds Write vulnerability Moderate
CVE-2022-40158 was published for commons-jxpath:commons-jxpath (Maven) Oct 6, 2022 withdrawn
Jettison parser crash by stackoverflow Moderate
CVE-2022-40149 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
coheigea
LIEF vulnerable to heap based buffer overflow Moderate
CVE-2022-38306 was published for lief (pip) Sep 14, 2022
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38752 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
mprins
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38751 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38749 was published for be.cylab:snakeyaml (Maven) Sep 6, 2022
ProTip! Advisories are also available from the GraphQL API