GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
Apache Tomcat - Denial of Service
High
CVE-2024-34750
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 3, 2024
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
netty-handler SniHandler 16MB allocation
Moderate
CVE-2023-34462
was published
for
io.netty:netty-handler
(Maven)
Jun 20, 2023
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162
was published
for
io.undertow:undertow-core
(Maven)
Jun 20, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
htmlcleaner vulnerable to stack exhaustion
High
CVE-2023-34624
was published
for
net.sourceforge.htmlcleaner:htmlcleaner
(Maven)
Jun 14, 2023
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
High
CVE-2020-36320
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Denial of service in DataCommunicator class in Vaadin 8
Moderate
CVE-2021-33609
was published
for
com.vaadin:vaadin-server
(Maven)
Oct 13, 2021
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
Denial of service in Spring Security OAuth2
Moderate
CVE-2022-22969
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Apr 22, 2022
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
High
CVE-2022-34917
was published
for
org.apache.kafka:kafka
(Maven)
Sep 21, 2022
XNIO denial of service vulnerability
High
CVE-2023-5685
was published
for
org.jboss.xnio:xnio-api
(Maven)
Mar 22, 2024
Undertow vulnerable to denial of service
High
CVE-2023-3223
was published
for
io.undertow:undertow-parent
(Maven)
Sep 27, 2023
Connection leaking on idle timeout when TCP congested
High
CVE-2024-22201
was published
for
org.eclipse.jetty.http2:http2-common
(Maven)
Feb 26, 2024
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Uncontrolled Resource Consumption in snakeyaml
High
CVE-2022-25857
was published
for
org.yaml:snakeyaml
(Maven)
Aug 31, 2022
Denial of Service in Connect2id Nimbus JOSE+JWT
Moderate
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
Uncontrolled Resource Consumption in Jackson-databind
High
CVE-2022-42003
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Apache ActiveMQ default configuration subject to denial of service
Moderate
CVE-2012-6551
was published
for
org.apache.activemq:activemq-web-demo
(Maven)
May 17, 2022
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
High
CVE-2022-29885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2020-11996
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API