GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
163 advisories
Filter by severity
Apache Tomcat Denial of Service via Malformed Request Headers
Moderate
CVE-2009-0033
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Apache Tomcat DoS Via Requests Including Null Characters
Moderate
CVE-2002-0935
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Apache James Denial of Service
Moderate
CVE-2004-2650
was published
for
org.apache.james:james-server
(Maven)
Apr 29, 2022
Jetty HTTP Server Denial of Service vulnerability
Moderate
CVE-2004-2381
was published
for
org.mortbay.jetty:jetty
(Maven)
Apr 29, 2022
Apache Tomcat Denial of Service vulnerability in the Catalina package
Moderate
CVE-2003-0866
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 29, 2022
Jakarta Tomcat Denial of Service vulnerability
Moderate
CVE-2003-0045
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 29, 2022
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
High
CVE-2022-29546
was published
for
net.sourceforge.htmlunit:neko-htmlunit
(Maven)
Apr 26, 2022
Denial of service in Spring Security OAuth2
Moderate
CVE-2022-22969
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Apr 22, 2022
Uncontrolled Resource Consumption in Apache DolphinScheduler
High
CVE-2022-25598
was published
for
apache-dolphinscheduler
(Maven)
Mar 31, 2022
RESTEasy 4.5.5.Final in hash flooding
High
CVE-2020-14326
was published
for
org.jboss.resteasy:resteasy-bom
(Maven)
Mar 18, 2022
Uncontrolled Resource Consumption in jboss-remoting
High
CVE-2020-35510
was published
for
org.jboss.remoting:jboss-remoting
(Maven)
Mar 18, 2022
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Critical
CVE-2022-0671
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Denial of service in Apache OpenMeetings
High
CVE-2020-13951
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Feb 10, 2022
Uncontrolled Resource Consumption in Apache Tomcat
High
CVE-2020-11996
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
Denial of service in Undertow
High
CVE-2020-27782
was published
for
io.undertow:undertow-core
(Maven)
Feb 9, 2022
Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
High
CVE-2022-23913
was published
for
org.apache.activemq:artemis-core-client
(Maven)
Feb 6, 2022
Denial of Service by injecting highly recursive collections or maps in XStream
High
CVE-2021-43859
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Feb 1, 2022
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
High
CVE-2022-23596
was published
for
com.github.junrar:junrar
(Maven)
Feb 1, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Memory leak in micronaut-core
Moderate
CVE-2022-21700
was published
for
io.micronaut:micronaut-http
(Maven)
Jan 21, 2022
Hash collision in typelevel jawn
Moderate
CVE-2022-21653
was published
for
org.typelevel:jawn-parser
(Maven)
Jan 6, 2022
Infinite loop in Apache CFX
High
CVE-2021-30468
was published
for
org.apache.cxf:apache-cxf
(Maven)
Jan 6, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
Moderate
CVE-2020-35210
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
ProTip!
Advisories are also available from the
GraphQL API