GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Searching Opencast may cause a denial of service
Moderate
CVE-2024-52797
was published
for
org.opencastproject:opencast-elasticsearch-impl
(Maven)
Nov 20, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
High
GHSA-crjg-w57m-rqqf
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
Allocation of Resources Without Limits or Throttling in metadata-extractor
High
CVE-2022-24614
was published
for
com.drewnoakes:metadata-extractor
(Maven)
Feb 25, 2022
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Low
CVE-2024-6762
was published
for
org.eclipse.jetty:jetty-servlets
(Maven)
Oct 14, 2024
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Moderate
CVE-2024-8184
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 14, 2024
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
High
CVE-2024-38286
was published
for
org.apache.tomcat:tomcat-util
(Maven)
Nov 7, 2024
Wildfly vulnerable to denial of service
Moderate
CVE-2024-4029
was published
for
org.wildfly:wildfly-domain-http
(Maven)
May 2, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT
High
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
Liferay Portal vulnerable to Denial of Service
Moderate
CVE-2024-26265
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 20, 2024
Liferay Portal denial of service (memory consumption)
High
CVE-2024-25143
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 7, 2024
Vertx gRPC server does not limit the maximum message size
Moderate
CVE-2024-8391
was published
for
io.vertx:vertx-grpc-client
(Maven)
Sep 4, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Spring Framework vulnerable to Denial of Service
Moderate
CVE-2024-38808
was published
for
org.springframework:spring-expression
(Maven)
Aug 20, 2024
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
High
CVE-2024-40094
was published
for
com.graphql-java:graphql-java
(Maven)
Jul 30, 2024
netty-handler SniHandler 16MB allocation
Moderate
CVE-2023-34462
was published
for
io.netty:netty-handler
(Maven)
Jun 20, 2023
CrateDB has a Client initialized Session-Renegotiation DoS
Moderate
CVE-2024-37309
was published
for
io.crate:crate
(Maven)
Jun 13, 2024
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
Duplicate Advisory: Denial of Service in JSON-Java
High
GHSA-rm7j-f5g5-27vv
was published
for
org.json:json
(Maven)
Oct 12, 2023
•
withdrawn
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
Moderate
CVE-2022-26336
was published
for
org.apache.poi:poi-scratchpad
(Maven)
Mar 5, 2022
Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service
High
CVE-2022-34917
was published
for
org.apache.kafka:kafka
(Maven)
Sep 21, 2022
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Ion Java StackOverflow vulnerability
High
CVE-2024-21634
was published
for
com.amazon.ion:ion-java
(Maven)
Jan 3, 2024
Denial of service in Spring Framework
High
CVE-2022-22970
was published
for
org.springframework:spring-beans
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API