GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
163 advisories
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
Moderate. CVE-2019-16555 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) on May 24, 2022.

Apache Sling POST Servlets Denial of Service Vulnerability
Moderate. CVE-2012-2138 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) on May 17, 2022.

Rack Gem Subject to Denial of Service via Hash Collisions
Moderate. CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems) on May 17, 2022.

Ignite Realtime Openfire vulnerable to XMPPbomb attack
High. CVE-2014-2741 was published for org.igniterealtime.openfire:parent (Maven) on May 17, 2022.

JRuby denial of service via Hash Collision
Moderate. CVE-2012-5370 was published for org.jruby:jruby-parent (Maven) on May 17, 2022.

Apache ActiveMQ default configuration subject to denial of service
Moderate. CVE-2012-6551 was published for org.apache.activemq:activemq-web-demo (Maven) on May 17, 2022.

Ruby vulnerable to denial of service
Moderate. CVE-2013-1821 was published for org.jruby:jruby (Maven) on May 17, 2022.

ws-xmlrpc DoS Vulnerability
Moderate. CVE-2016-5004 was published for org.apache.xmlrpc:xmlrpc-common (Maven) on May 17, 2022.

Apache Tika vulnerable to uncontrolled memory consumption
Moderate. CVE-2022-25169 was published for org.apache.tika:tika (Maven) on May 17, 2022.

Apache Tomcat Denial of Service vulnerability
Moderate. CVE-2013-4322 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Integer Overflow or Wraparound in Apache Tomcat
Moderate. CVE-2014-0075 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Uncontrolled Resource Consumption in Apache Tomcat
High. CVE-2014-0230 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption
High. CVE-2017-7684 was published for org.apache.openmeetings:openmeetings-parent (Maven) on May 13, 2022.

JBossWS vulnerable to uncontrolled recursion
Low. CVE-2011-1483 was published for org.jboss.ws:jbossws-common (Maven) on May 13, 2022.

Red Hat Wildfly DoS
High. CVE-2016-9589 was published for org.wildfly:wildfly-undertow (Maven) on May 13, 2022.

Uncontrolled Resource Consumption in Undertow
Moderate. CVE-2018-1114 was published for io.undertow:undertow-core (Maven) on May 13, 2022.

Command Injection in VIVO Vitro
High. CVE-2019-6986 was published for org.vivoweb:vitro-project (Maven) on May 13, 2022.

Uncontrolled Resource Consumption in Artemis and HornetQ
High. CVE-2017-12174 was published for org.apache.activemq:artemis-native (Maven) on May 13, 2022.

Uncontrolled Resource Consumption in Apache CXF
Moderate. CVE-2014-0110 was published for org.apache.cxf:cxf-core (Maven) on May 13, 2022.

Uncontrolled Resource Consumption in Apache CXF
Moderate. CVE-2014-0109 was published for org.apache.cxf:cxf-core (Maven) on May 13, 2022.

Uncontrolled Resource Consumption in Apache ZooKeeper
High. CVE-2017-5637 was published for org.apache.zookeeper:zookeeper (Maven) on May 13, 2022.

Apache Geronimo Hash Collisions Cause DoS
High. CVE-2011-5034 was published for org.apache.geronimo:geronimo (Maven) on May 13, 2022.

Uncontrolled Resource Consumption in Apache Commons Compress
Moderate. CVE-2012-2098 was published for org.apache.commons:commons-compress (Maven) on May 13, 2022.

Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
High. CVE-2022-29885 was published for org.apache.tomcat:tomcat (Maven) on May 13, 2022.

Denial of Service in Apache POI
Moderate. CVE-2012-0213 was published for org.apache.poi:poi (Maven) on May 4, 2022.

ProTip! Advisories are also available from the GraphQL API.