GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
171 advisories
Filter by severity
In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
Moderate
CVE-2018-11797
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Oct 17, 2018
Keycloak vulnerable to uncontrolled resource consumption
High
CVE-2014-3651
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption
High
CVE-2017-15701
was published
for
org.apache.qpid:qpid-broker
(Maven)
Oct 19, 2018
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
High
CVE-2018-16131
was published
for
com.typesafe.akka:akka-http-core_2.11
(Maven)
Oct 22, 2018
Uncontrolled Resource Consumption in spray-json
High
CVE-2018-18854
was published
for
io.spray:spray-json_2.10
(Maven)
Nov 9, 2018
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
High
CVE-2018-18853
was published
for
io.spray:spray-json_2.10
(Maven)
Nov 9, 2018
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
High
CVE-2018-12545
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Mar 28, 2019
Apache Tomcat Denial of Service vulnerability
High
CVE-2019-0199
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 15, 2020
Denial of service in Apache Xerces2
High
CVE-2012-0881
was published
for
xerces:xercesImpl
(Maven)
Jun 15, 2020
Denial of Service in Netty
High
CVE-2020-11612
was published
for
io.netty:netty-handler
(Maven)
Jun 15, 2020
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses
Low
GHSA-8hxh-r6f7-jf45
was published
for
org.http4s:http4s-async-http-client_2.12
(Maven)
Oct 16, 2020
Unbounded connection acceptance leads to file handle exhaustion
High
CVE-2021-21293
was published
for
org.http4s:blaze-core_2.11
(Maven)
Feb 2, 2021
Unbounded connection acceptance in http4s-blaze-server
High
CVE-2021-21294
was published
for
org.http4s:http4s-blaze-server_2.12
(Maven)
Feb 2, 2021
DOS vulnerability for Quoted Quality CSV headers
Moderate
CVE-2020-27223
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Mar 10, 2021
Uncontrolled Resource Consumption in Apache Thrift
High
CVE-2020-13949
was published
for
org.apache.thrift:libthrift
(Maven)
Mar 12, 2021
XStream can cause a Denial of Service.
High
CVE-2021-21341
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
Moderate
CVE-2021-21348
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
High
CVE-2021-28165
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 6, 2021
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
High
CVE-2021-31405
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
High
CVE-2020-36320
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
High
GHSA-crh4-294p-vcfq
was published
for
com.vaadin:vaadin-text-field-flow
(Maven)
Apr 19, 2021
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
High
CVE-2021-31409
was published
for
com.vaadin:vaadin-compatibility-server
(Maven)
May 4, 2021
Uncontrolled Resource Consumption in Apache Tika
Moderate
CVE-2020-1950
was published
for
org.apache.tika:tika
(Maven)
May 7, 2021
Infinite loop in Apache Tika
Moderate
CVE-2021-28657
was published
for
org.apache.tika:tika
(Maven)
May 10, 2021
ProTip!
Advisories are also available from the
GraphQL API