GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*
High
CVE-2018-8039
was published
for
org.apache.cxf:apache-cxf
(Maven)
Oct 19, 2018
ecdsa Denial of Service vulnerability in signature verification and signature malleability
High
CVE-2019-14853
was published
for
ecdsa
(pip)
Oct 8, 2019
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
High
CVE-2021-28165
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 6, 2021
Denial of Service (DoS) in restify-paginate
High
CVE-2020-27543
was published
for
restify-paginate
(npm)
Apr 12, 2021
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
github.com/nats-io/nats-server Import token permissions checking not enforced
High
GHSA-j756-f273-xhp4
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Ory fosite contains Improper Handling of Exceptional Conditions
High
CVE-2020-15223
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2021-30639
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Improper Handling of Exceptional Conditions in detect-character-encoding
High
CVE-2021-39157
was published
for
detect-character-encoding
(npm)
Aug 25, 2021
Parse Server crashes with query parameter
High
CVE-2021-39187
was published
for
parse-server
(npm)
Sep 2, 2021
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty
High
CVE-2020-5403
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Feb 10, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift
High
CVE-2019-3564
was published
for
github.com/facebook/fbthrift
(Go)
Feb 15, 2022
simpleSAMLphp incorrectly handles XML encryption
High
CVE-2011-4625
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2022
Denial of Service in http-swagger
High
CVE-2022-24863
was published
for
github.com/swaggo/http-swagger
(Go)
Apr 22, 2022
XMLTooling Library Incorrectly Handles Some Exceptions
High
CVE-2019-9628
was published
for
org.opensaml:xmltooling
(Maven)
May 13, 2022
•
withdrawn
OpenStack Neutron's unsupported dport option prevents applying security groups
High
CVE-2019-9735
was published
for
neutron
(pip)
May 13, 2022
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2017-5664
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
CVE-2024-21907
was published
for
Newtonsoft.Json
(NuGet)
Jun 22, 2022
Denial of service due to incorrect application of event authorization rules
High
CVE-2022-31152
was published
for
matrix-synapse
(pip)
Aug 31, 2022
Traefik HTTP/2 connections management could cause a denial of service
High
CVE-2022-39271
was published
for
github.com/traefik/traefik/v2
(Go)
Oct 10, 2022
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
High
CVE-2022-23496
was published
for
nl.basjes.parse.useragent:yauaa
(Maven)
Dec 8, 2022
ProTip!
Advisories are also available from the
GraphQL API