Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

163 advisories

Loading
Apache Tomcat Denial of Service via Malformed Request Headers Moderate
CVE-2009-0033 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
Apache Tomcat DoS Via Requests Including Null Characters Moderate
CVE-2002-0935 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Apache James Denial of Service Moderate
CVE-2004-2650 was published for org.apache.james:james-server (Maven) Apr 29, 2022
Jetty HTTP Server Denial of Service vulnerability Moderate
CVE-2004-2381 was published for org.mortbay.jetty:jetty (Maven) Apr 29, 2022
Apache Tomcat Denial of Service vulnerability in the Catalina package Moderate
CVE-2003-0866 was published for org.apache.tomcat:tomcat (Maven) Apr 29, 2022
Jakarta Tomcat Denial of Service vulnerability Moderate
CVE-2003-0045 was published for org.apache.tomcat:tomcat (Maven) Apr 29, 2022
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser High
CVE-2022-29546 was published for net.sourceforge.htmlunit:neko-htmlunit (Maven) Apr 26, 2022
kurt-r2c
Denial of service in Spring Security OAuth2 Moderate
CVE-2022-22969 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Apr 22, 2022
ebickle SunBK201
Uncontrolled Resource Consumption in Apache DolphinScheduler High
CVE-2022-25598 was published for apache-dolphinscheduler (Maven) Mar 31, 2022
RESTEasy 4.5.5.Final in hash flooding High
CVE-2020-14326 was published for org.jboss.resteasy:resteasy-bom (Maven) Mar 18, 2022
Uncontrolled Resource Consumption in jboss-remoting High
CVE-2020-35510 was published for org.jboss.remoting:jboss-remoting (Maven) Mar 18, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX Critical
CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
Denial of service in Apache OpenMeetings High
CVE-2020-13951 was published for org.apache.openmeetings:openmeetings-parent (Maven) Feb 10, 2022
Uncontrolled Resource Consumption in Apache Tomcat High
CVE-2020-11996 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022
sunSUNQ
Denial of service in Undertow High
CVE-2020-27782 was published for io.undertow:undertow-core (Maven) Feb 9, 2022
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) High
CVE-2022-23913 was published for org.apache.activemq:artemis-core-client (Maven) Feb 6, 2022
Denial of Service by injecting highly recursive collections or maps in XStream High
CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven) Feb 1, 2022
r00t4dm
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive High
CVE-2022-23596 was published for com.github.junrar:junrar (Maven) Feb 1, 2022
occia ZanderHuang
Han0nly
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Memory leak in micronaut-core Moderate
CVE-2022-21700 was published for io.micronaut:micronaut-http (Maven) Jan 21, 2022
chrischiappe larrycarasco
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser (Maven) Jan 6, 2022
nrktkt
Infinite loop in Apache CFX High
CVE-2021-30468 was published for org.apache.cxf:apache-cxf (Maven) Jan 6, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. Moderate
CVE-2020-35210 was published for io.atomix:atomix (Maven) Dec 17, 2021
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
ProTip! Advisories are also available from the GraphQL API