Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

97 advisories

Loading
Keycloak vulnerable to uncontrolled resource consumption High
CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 High
CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields High
CVE-2018-18853 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Uncontrolled Resource Consumption in spray-json High
CVE-2018-18854 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 High
GHSA-crh4-294p-vcfq was published for com.vaadin:vaadin-text-field-flow (Maven) Apr 19, 2021
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server High
CVE-2018-12545 was published for org.eclipse.jetty:jetty-server (Maven) Mar 28, 2019
RESTEasy 4.5.5.Final in hash flooding High
CVE-2020-14326 was published for org.jboss.resteasy:resteasy-bom (Maven) Mar 18, 2022
Uncontrolled Resource Consumption in Apache ZooKeeper High
CVE-2017-5637 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
Resource Exhaustion in Spring Security High
CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) Jul 2, 2021
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser High
CVE-2022-29546 was published for net.sourceforge.htmlunit:neko-htmlunit (Maven) Apr 26, 2022
kurt-r2c
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources High
CVE-2022-37734 was published for com.graphql-java:graphql-java (Maven) Sep 13, 2022
Denial of service binding form from JSON in Play Framework High
CVE-2022-31018 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
beny23 gmethvin
BillyAutrey
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Undertow vulnerable to Denial of Service (DoS) attacks High
CVE-2021-3859 was published for io.undertow:undertow-core (Maven) Jul 15, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3509 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
Undertow vulnerable to Uncontrolled Resource Consumption High
CVE-2019-14888 was published for io.undertow:undertow-core (Maven) May 24, 2022
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
Unbounded connection acceptance in http4s-blaze-server High
CVE-2021-21294 was published for org.http4s:http4s-blaze-server_2.12 (Maven) Feb 2, 2021
Unbounded connection acceptance leads to file handle exhaustion High
CVE-2021-21293 was published for org.http4s:blaze-core_2.11 (Maven) Feb 2, 2021
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive High
CVE-2022-23596 was published for com.github.junrar:junrar (Maven) Feb 1, 2022
occia ZanderHuang
Han0nly
Undertow vulnerable to Dos via Large AJP request High
CVE-2022-2053 was published for io.undertow:undertow-core (Maven) Aug 6, 2022
HuTool vulnerable to Uncontrolled Resource Consumption High
CVE-2022-4565 was published for cn.hutool:hutool-core (Maven) Dec 16, 2022
Denial of Service in Netty High
CVE-2020-11612 was published for io.netty:netty-handler (Maven) Jun 15, 2020
XStream can cause a Denial of Service. High
CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database