GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,900
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
All unreviewed: 5,000+

163 advisories match the current filter (Maven, denial-of-service related).
Denial of service in DataCommunicator class in Vaadin 8 (Moderate). GHSA-j23j-q57m-63v3 was published for com.vaadin:vaadin-server (Maven) on Oct 13, 2021.
Denial of service in DataCommunicator class in Vaadin 8 (Moderate). CVE-2021-33609 was published for com.vaadin:vaadin-server (Maven) on Oct 13, 2021.
SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (High). CVE-2021-37137 was published for io.netty:netty (Maven) on Sep 9, 2021.
Bzip2Decoder doesn't allow setting size restrictions for decompressed data (High). CVE-2021-37136 was published for io.netty:netty (Maven) on Sep 9, 2021.
Denial of Service in SheetJS Pro (Moderate). CVE-2021-32012 was published for org.webjars.npm:xlsx (Maven) on Jul 22, 2021.
Denial of Service in SheetJS Pro (Moderate). CVE-2021-32013 was published for org.webjars.npm:xlsx (Maven) on Jul 22, 2021.
Denial of Service in SheetJS Pro (Moderate). CVE-2021-32014 was published for org.webjars.npm:xlsx (Maven) on Jul 22, 2021.
Resource Exhaustion in Spring Security (High). CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) on Jul 2, 2021.
Uncontrolled Resource Consumption in Apache OpenMeetings server (High). CVE-2021-27576 was published for org.apache.openmeetings:openmeetings-parent (Maven) on Jun 16, 2021.
Uncontrolled Resource Consumption in JPA Server in HAPI FHIR (Moderate). CVE-2021-32053 was published for ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (Maven) on Jun 16, 2021.
Uncontrolled Resource Consumption in XNIO (Moderate). CVE-2020-14340 was published for org.jboss.xnio:xnio-nio (Maven) on Jun 8, 2021.
Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service (Moderate). CVE-2021-29506 was published for com.graphhopper:graphhopper-nav (Maven) on May 19, 2021.
Authorization service vulnerable to DDoS attacks in Apache CXF (High). CVE-2021-22696 was published for org.apache.cxf:apache-cxf (Maven) on May 13, 2021.
Infinite loop in Apache Tika (Moderate). CVE-2021-28657 was published for org.apache.tika:tika (Maven) on May 10, 2021.
Uncontrolled Resource Consumption in Apache Tika (Moderate). CVE-2020-1950 was published for org.apache.tika:tika (Maven) on May 7, 2021.
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8 (High). CVE-2021-31409 was published for com.vaadin:vaadin-compatibility-server (Maven) on May 4, 2021.
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 (High). GHSA-crh4-294p-vcfq was published for com.vaadin:vaadin-text-field-flow (Maven) on Apr 19, 2021.
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 (High). CVE-2020-36320 was published for com.vaadin:vaadin-bom (Maven) on Apr 19, 2021.
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 (High). CVE-2021-31405 was published for com.vaadin:vaadin-bom (Maven) on Apr 19, 2021.
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources (High). CVE-2021-28165 was published for org.eclipse.jetty:jetty-server (Maven) on Apr 6, 2021.
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDoS) (Moderate). CVE-2021-21348 was published for com.thoughtworks.xstream:xstream (Maven) on Mar 22, 2021.
XStream can cause a Denial of Service (High). CVE-2021-21341 was published for com.thoughtworks.xstream:xstream (Maven) on Mar 22, 2021.
Uncontrolled Resource Consumption in Apache Thrift (High). CVE-2020-13949 was published for org.apache.thrift:libthrift (Maven) on Mar 12, 2021.
DoS vulnerability for Quoted Quality CSV headers (Moderate). CVE-2020-27223 was published for org.eclipse.jetty:jetty-server (Maven) on Mar 10, 2021.
Unbounded connection acceptance in http4s-blaze-server (High). CVE-2021-21294 was published for org.http4s:http4s-blaze-server_2.12 (Maven) on Feb 2, 2021.
Advisories are also available from the GraphQL API.