Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
lukestephenson-zendesk
Credited to lukestephenson-zendesk
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3985 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged Moderate
CVE-2025-48795 was published for org.apache.cxf:cxf-core (Maven) Jul 15, 2025
pavelarnost
Credited to pavelarnost
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams Moderate
CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) Jul 10, 2025
fabien-chebel
Credited to fabien-chebel
jose4j denial of service via specifically crafted JWE Moderate
CVE-2023-51775 was published for org.bitbucket.b_c:jose4j (Maven) Feb 29, 2024
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate
CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024
HRsGIT levpachmanov
Credited to HRsGIT and levpachmanov
Apache Tomcat Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-54677 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 17, 2024
Eclipse Jetty has a denial of service vulnerability on DosFilter Moderate
CVE-2024-9823 was published for org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) Oct 14, 2024
Bouncy Castle Vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-12194 was published for org.bouncycastle:bc-fips (Maven) Oct 25, 2025
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
Elasticsearch Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-52979 was published for org.elasticsearch:elasticsearch (Maven) May 1, 2025
Uncontrolled Resource Consumption in Spray JSON Moderate
CVE-2018-18855 was published for io.spray:spray-json_2.10 (Maven) Jun 28, 2022
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2025-9341 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
Bouncy Castle Denial of Service (DoS) Moderate
CVE-2023-33202 was published for org.bouncycastle:bcpkix-jdk18on (Maven) Nov 23, 2023
ind-team ebickle
mpihelgas
Credited to ind-team, ebickle, and mpihelgas
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function Moderate
CVE-2024-52980 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
AnonySE26
Credited to AnonySE26
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion Moderate
CVE-2024-52981 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
AnonySE26
Credited to AnonySE26
Spring MVC controller vulnerable to a DoS attack Moderate
CVE-2024-38828 was published for org.springframework:spring-webmvc (Maven) Nov 18, 2024
ayamburg-panw Louis-Jones-Evri
Credited to ayamburg-panw and Louis-Jones-Evri
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3986 was published for org.apereo.cas:cas-server-core-configuration-metadata-repository (Maven) Apr 27, 2025
Integer Overflow or Wraparound in Apache Tomcat Moderate
CVE-2014-0075 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Apache Wicket: An attacker can intentionally trigger a memory leak Moderate
CVE-2024-53299 was published for org.apache.wicket:wicket-core (Maven) Jan 23, 2025
raboof
Credited to raboof
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Credited to amita-seal and sunSUNQ
Denial of Service attack on windows app using Netty Moderate
CVE-2025-25193 was published for io.netty:netty-common (Maven) Feb 10, 2025
chrisvest navzen2000
henrikplate JensBoening1337 jfposton
Credited to chrisvest, navzen2000, henrikplate, JensBoening1337, and jfposton
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
weddige
Credited to weddige
Denial of Service attack on windows app using netty Moderate
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR AB-xdev
irene221b vmulas
Credited to Amossys-PGR, AB-xdev, irene221b, and vmulas
Apache Commons Compress denial of service vulnerability Moderate
CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven) Sep 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database