GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Uncontrolled memory consumption
Moderate
CVE-2021-31811
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jun 15, 2021
Improper Handling of Length Parameter Inconsistency in Compress
High
CVE-2021-35517
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Improper Handling of Length Parameter Inconsistency in Compress
High
CVE-2021-35516
was published
for
org.apache.commons:commons-compress
(Maven)
Aug 2, 2021
Denial of Service in Spring Cloud Function
High
CVE-2022-22979
was published
for
org.springframework.cloud:spring-cloud-function-parent
(Maven)
Jun 22, 2022
Out-of-Memory Error in Bouncy Castle Crypto
High
CVE-2019-17359
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2019
Unbounded connection acceptance leads to file handle exhaustion
High
CVE-2021-21293
was published
for
org.http4s:blaze-core_2.11
(Maven)
Feb 2, 2021
Unbounded connection acceptance in http4s-blaze-server
High
CVE-2021-21294
was published
for
org.http4s:http4s-blaze-server_2.12
(Maven)
Feb 2, 2021
Apache Tika vulnerable to uncontrolled memory consumption
Moderate
CVE-2022-25169
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
XNIO `notifyReadClosed` method logging message to unexpected end
High
CVE-2022-0084
was published
for
org.jboss.xnio:xnio-all
(Maven)
Aug 27, 2022
Allocation of Resources Without Limits or Throttling in Apache Tika
High
CVE-2019-10088
was published
for
org.apache.tika:tika-core
(Maven)
Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
Moderate
CVE-2019-10093
was published
for
org.apache.tika:tika-parsers
(Maven)
Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
High
CVE-2019-10094
was published
for
org.apache.tika:tika-core
(Maven)
Aug 6, 2019
Potential DOS attack due to unrestricted attachment count in messages
Moderate
CVE-2019-12406
was published
for
org.apache.cxf:apache-cxf
(Maven)
Nov 8, 2019
Denial of Service in Netty
High
CVE-2020-11612
was published
for
io.netty:netty-handler
(Maven)
Jun 15, 2020
Denial of Service in Cryptacular
High
CVE-2020-7226
was published
for
org.cryptacular:cryptacular
(Maven)
Jun 10, 2020
Allocation of Resources Without Limits or Throttling in Keycloak
High
CVE-2020-10758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Allocation of Resources Without Limits or Throttling in Undertow
High
CVE-2020-10705
was published
for
io.undertow:undertow-core
(Maven)
Apr 30, 2021
ReDOS in Vfsjfilechooser2
High
CVE-2021-29061
was published
for
com.github.fracpete:vfsjfilechooser2
(Maven)
Jan 6, 2022
Allocation of resources without limits or throttling in keycloak-model-infinispan
High
CVE-2021-3637
was published
for
org.keycloak:keycloak-model-infinispan
(Maven)
Jul 13, 2021
Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
High
CVE-2022-25897
was published
for
org.eclipse.milo:sdk-server
(Maven)
Sep 15, 2022
Denial of Service (DoS) in Jackson Dataformat CBOR
High
CVE-2020-28491
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor
(Maven)
Dec 9, 2021
Allocation of Resources Without Limits or Throttling in iText
Moderate
CVE-2022-24196
was published
for
com.itextpdf:itext7-core
(Maven)
Feb 2, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22950
was published
for
org.springframework:spring-expression
(Maven)
Apr 3, 2022
GraphQL Java vulnerable to stack consumption
High
CVE-2023-28867
was published
for
com.graphql-java:graphql-java
(Maven)
Mar 27, 2023
Creation of new database tables through login form on PostgreSQL
High
CVE-2022-41932
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API