Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage Moderate
CVE-2025-32952 was published for io.jmix.localfs:jmix-localfs (Maven) Apr 22, 2025
AnonySE26
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache Moderate
CVE-2025-2559 was published for org.keycloak:keycloak-services (Maven) Mar 25, 2025
Cuba has a DoS in the File Storage Moderate
CVE-2025-32959 was published for com.haulmont.cuba:cuba-core (Maven) Apr 22, 2025
Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests High
CVE-2005-3510 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate
CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024
HRsGIT
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023
Elasticsearch allocation of resources without limits or throttling leads to crash Moderate
CVE-2024-43709 was published for org.elasticsearch:elasticsearch (Maven) Jan 21, 2025
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Moderate
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd astashys
Apache Struts vulnerable to memory exhaustion High
CVE-2023-34396 was published for org.apache.struts:struts2-core (Maven) Jun 14, 2023
Apache Struts vulnerable to memory exhaustion Moderate
CVE-2023-34149 was published for org.apache.struts:struts2-core (Maven) Jun 14, 2023
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Liferay Portal vulnerable to Denial of Service Moderate
CVE-2024-26265 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
android-gif-drawable vulerable to denial of service due to unrestricted comment length High
CVE-2022-23435 was published for pl.droidsonroids.gif:android-gif-drawable (Maven) Jan 20, 2022
Marcono1234
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks High
GHSA-crjg-w57m-rqqf was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov amita-seal
Allocation of Resources Without Limits or Throttling in metadata-extractor High
CVE-2022-24614 was published for com.drewnoakes:metadata-extractor (Maven) Feb 25, 2022
cpropps-sysdig
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks Low
CVE-2024-6762 was published for org.eclipse.jetty:jetty-servlets (Maven) Oct 14, 2024
Wildfly vulnerable to denial of service Moderate
CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) May 2, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Vertx gRPC server does not limit the maximum message size Moderate
CVE-2024-8391 was published for io.vertx:vertx-grpc-client (Maven) Sep 4, 2024
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database