GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,277
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
Denial of service in DataCommunicator class in Vaadin 8
Moderate
GHSA-j23j-q57m-63v3
was published
for
com.vaadin:vaadin-server
(Maven)
Oct 13, 2021
Uncontrolled Resource Consumption in Spray JSON
Moderate
CVE-2018-18855
was published
for
io.spray:spray-json
(Maven)
Jun 28, 2022
Uncontrolled Resource Consumption in Undertow
Moderate
CVE-2018-1114
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in WildFly
Moderate
CVE-2020-25689
was published
for
org.wildfly:wildfly-dist
(Maven)
May 24, 2022
Uncontrolled Resource Consumption in Apache Tika
Moderate
CVE-2020-1950
was published
for
org.apache.tika:tika
(Maven)
May 7, 2021
org.apache.activemq:artemis-core-client Vulnerable to Out-of-Bounds Write
Moderate
CVE-2021-4040
was published
for
org.apache.activemq:artemis-core-client
(Maven)
Aug 25, 2022
Apache Tika vulnerable to uncontrolled memory consumption
Moderate
CVE-2022-25169
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
Moderate
CVE-2018-11797
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Oct 17, 2018
DOS vulnerability for Quoted Quality CSV headers
Moderate
CVE-2020-27223
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Mar 10, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
Moderate
CVE-2021-21348
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Infinite loop in Apache Tika
Moderate
CVE-2021-28657
was published
for
org.apache.tika:tika
(Maven)
May 10, 2021
Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
Moderate
CVE-2021-29506
was published
for
com.graphhopper:graphhopper-nav
(Maven)
May 19, 2021
Uncontrolled Resource Consumption in JPA Server in HAPI FHIR
Moderate
CVE-2021-32053
was published
for
ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base
(Maven)
Jun 16, 2021
Uncontrolled Resource Consumption in XNIO
Moderate
CVE-2020-14340
was published
for
org.jboss.xnio:xnio-nio
(Maven)
Jun 8, 2021
Denial of Service in SheetJS Pro
Moderate
CVE-2021-32014
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Denial of Service in SheetsJS Pro
Moderate
CVE-2021-32013
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Denial of Service in SheetJS Pro
Moderate
CVE-2021-32012
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
Moderate
CVE-2020-35210
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
Hash collision in typelevel jawn
Moderate
CVE-2022-21653
was published
for
org.typelevel:jawn-parser
(Maven)
Jan 6, 2022
Memory leak in micronaut-core
Moderate
CVE-2022-21700
was published
for
io.micronaut:micronaut-http
(Maven)
Jan 21, 2022
XWiki Platform subject to Uncontrolled Resource Consumption
Moderate
CVE-2023-26470
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Mar 3, 2023
Ruby vulnerable to denial of service
Moderate
CVE-2013-1821
was published
for
org.jruby:jruby
(Maven)
May 17, 2022
Wildfly EJB Client causes DoS
Moderate
CVE-2020-14297
was published
for
org.jboss:jboss-ejb-client
(Maven)
May 24, 2022
Rack Gem Subject to Denial of Service via Hash Collisions
Moderate
CVE-2011-5036
was published
for
org.jruby:jruby-parent
(RubyGems)
May 17, 2022
JRuby denial of service via Hash Collision
Moderate
CVE-2012-5370
was published
for
org.jruby:jruby-parent
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API