GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
163 advisories
Filter by severity
Apache Commons Compress denial of service vulnerability
Moderate
CVE-2023-42503
was published
for
org.apache.commons:commons-compress
(Maven)
Sep 14, 2023
Esoteric YamlBeans XML Entity Expansion vulnerability
Moderate
CVE-2023-24620
was published
for
com.esotericsoftware.yamlbeans:yamlbeans
(Maven)
Aug 25, 2023
Denial of service in jackson-dataformats-text
High
CVE-2023-3894
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformats-text
(Maven)
Aug 8, 2023
Apache Any23 vulnerable to excessive memory usage
Moderate
CVE-2023-34150
was published
for
org.apache.any23:apache-any23
(Maven)
Jul 5, 2023
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Moderate
CVE-2023-35925
was published
for
com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit
(Maven)
Jun 22, 2023
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-24839
was published
for
org.nokogiri:nekohtml
(Maven)
Jun 22, 2023
netty-handler SniHandler 16MB allocation
Moderate
CVE-2023-34462
was published
for
io.netty:netty-handler
(Maven)
Jun 20, 2023
jjson vulnerable to stack exhaustion
High
CVE-2023-35110
was published
for
de.grobmeier.json:jjson
(Maven)
Jun 14, 2023
htmlcleaner vulnerable to stack exhaustion
High
CVE-2023-34624
was published
for
net.sourceforge.htmlcleaner:htmlcleaner
(Maven)
Jun 14, 2023
genson vulnerable to stack exhaustion
High
CVE-2023-34617
was published
for
com.owlike:genson
(Maven)
Jun 14, 2023
ph-json vulnerable to stack exhaustion
High
CVE-2023-34612
was published
for
com.helger.commons:ph-json
(Maven)
Jun 14, 2023
JSONUtil vulnerable to stack exhaustion
Critical
CVE-2023-34615
was published
for
net.pwall.json:jsonutil
(Maven)
Jun 14, 2023
jsonij vulnerable to stack exhaustion
High
CVE-2023-34614
was published
for
cc.plural:jsonij
(Maven)
Jun 14, 2023
sojo vulnerable to stack exhaustion
High
CVE-2023-34613
was published
for
net.sf.sojo:sojo
(Maven)
Jun 14, 2023
json-io vulnerable to stack exhaustion
High
CVE-2023-34610
was published
for
com.cedarsoftware:json-io
(Maven)
Jun 14, 2023
pbjson vulnerable to stack exhaustion
High
CVE-2023-34616
was published
for
com.progsbase.libraries:JSON
(Maven)
Jun 14, 2023
hjson stack exhaustion vulnerability
High
CVE-2023-34620
was published
for
org.hjson:hjson
(Maven)
Jun 14, 2023
RuoYi Uncontrolled Resource Consumption vulnerability
Low
CVE-2023-3163
was published
for
com.ruoyi:ruoyi
(Maven)
Jun 8, 2023
Spring Boot Welcome Page Denial of Service
High
CVE-2023-20883
was published
for
org.springframework.boot:spring-boot-autoconfigure
(Maven)
May 26, 2023
Unrestricted recursion in htmlunit
High
CVE-2023-2798
was published
for
org.htmlunit:htmlunit
(Maven)
May 25, 2023
OutOfMemoryError for large multipart without filename in Eclipse Jetty
Moderate
CVE-2023-26048
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 19, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
High
CVE-2023-26464
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Mar 10, 2023
XWiki Platform subject to Uncontrolled Resource Consumption
Moderate
CVE-2023-26470
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Mar 3, 2023
lite-server vulnerable to Denial of Service
High
CVE-2022-25940
was published
for
lite-server
(Maven)
Dec 20, 2022
ProTip!
Advisories are also available from the
GraphQL API