Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
fawind
Credited to fawind
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
Credited to galbarnahum, AnatBB, and YanivRL
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.grpc:grpc-netty-shaded (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL aikebah jjweston if-of
Credited to galbarnahum, AnatBB, YanivRL, aikebah, jjweston, and if-of
Apache Tomcat - DoS in multipart upload High
CVE-2025-48988 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers High
CVE-2025-48976 was published for commons-fileupload:commons-fileupload (Maven) Jun 16, 2025
ryanmurf
Credited to ryanmurf
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2024-38286 was published for org.apache.tomcat:tomcat-util (Maven) Nov 7, 2024
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service High
CVE-2024-40094 was published for com.graphql-java:graphql-java (Maven) Jul 30, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks High
GHSA-crjg-w57m-rqqf was published for dnsjava:dnsjava (Maven) Jul 22, 2024
levpachmanov amita-seal
Credited to levpachmanov and amita-seal
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Credited to luffy1949
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Credited to ebickle
Liferay Portal denial of service (memory consumption) High
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Credited to ebickle
Allocation of Resources Without Limits in Keycloak High
CVE-2023-6563 was published for org.keycloak:keycloak-model-jpa (Maven) Dec 14, 2023
Duplicate Advisory: Denial of Service in JSON-Java High
GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) Oct 12, 2023 withdrawn
Astralidea
Credited to Astralidea
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact High
CVE-2023-43642 was published for org.xerial.snappy:snappy-java (Maven) Sep 25, 2023
mkcops janjwerner-confluent
flabbergastedbd
Credited to mkcops, janjwerner-confluent, and flabbergastedbd
snappy-java's unchecked chunk length leads to DoS High
CVE-2023-34455 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
Credited to srmish-jfrog
Apache Struts vulnerable to memory exhaustion High
CVE-2023-34396 was published for org.apache.struts:struts-core (Maven) Jun 14, 2023
ryanmurf
Credited to ryanmurf
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Credited to amita-seal and sunSUNQ
GraphQL Java vulnerable to stack consumption High
CVE-2023-28867 was published for com.graphql-java:graphql-java (Maven) Mar 27, 2023
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode High
CVE-2021-46877 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 19, 2023
Denial of service in Jenkins Core High
CVE-2023-27901 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Credited to westonsteimel
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Credited to sunSUNQ and westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database