GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

158 advisories

Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers Moderate
CVE-2024-1300 was published for io.vertx:vertx-core (Maven) Apr 2, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-23450 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
XNIO denial of service vulnerability High
CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024
grosario1
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Denial of Service in Connect2id Nimbus JOSE+JWT Moderate
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Liferay Portal denial of service (memory consumption) Moderate
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
XWiki vulnerable to Denial of Service attack through attachments High
CVE-2024-21651 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jan 8, 2024
Grails data binding causes JVM crash and/or other denial of service Moderate
CVE-2023-46131 was published for org.grails:grails-databinding (Maven) Dec 20, 2023
Grackle has StackOverflowError in GraphQL query processing High
CVE-2023-50730 was published for edu.gemini:gsp-graphql-core_2.13 (Maven) Dec 18, 2023
Bouncy Castle Denial of Service (DoS) Moderate
CVE-2023-33202 was published for org.bouncycastle:bcpkix-jdk18on (Maven) Nov 23, 2023
ind-team ebickle
Ghcml mpihelgas
Elasticsearch vulnerable to Uncontrolled Resource Consumption High
CVE-2023-31418 was published for org.elasticsearch:elasticsearch (Maven) Oct 26, 2023
RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack Moderate
CVE-2023-46120 was published for com.rabbitmq:amqp-client (Maven) Oct 24, 2023
LianKee
OpenSearch uncontrolled resource consumption High
GHSA-8wx3-324g-w4qq was published for org.opensearch.plugin:opensearch-security (Maven) Oct 17, 2023
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack High
GHSA-xpw8-rcwv-8f8p was published for io.netty:netty-codec-http2 (Maven) Oct 10, 2023
DuyTran-TomTom
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle
Undertow vulnerable to denial of service High
CVE-2023-3223 was published for io.undertow:undertow-parent (Maven) Sep 27, 2023
Apache Commons Compress denial of service vulnerability Moderate
CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) Sep 14, 2023
Esoteric YamlBeans XML Entity Expansion vulnerability Moderate
CVE-2023-24620 was published for com.esotericsoftware.yamlbeans:yamlbeans (Maven) Aug 25, 2023
Denial of service in jackson-dataformats-text High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformats-text (Maven) Aug 8, 2023
Mochis
Apache Any23 vulnerable to excessive memory usage Moderate
CVE-2023-34150 was published for org.apache.any23:apache-any23 (Maven) Jul 5, 2023
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2023-35925 was published for com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) Jun 22, 2023
SuperMonis dordsor21
NotMyFault