Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

115 advisories

Loading
Liferay Portal Vulnerable to DoS via Crafted Headless API Request High
CVE-2025-62260 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Denial of service in jackson-dataformat-toml High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-toml (Maven) Aug 8, 2023
Mochis ryanmurf
Credited to Mochis and ryanmurf
Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack High
CVE-2025-43796 was published for com.liferay:com.liferay.portal.vulcan.api (Maven) Sep 12, 2025
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
anlakii
Credited to anlakii
Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin High
CVE-2025-43772 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 4, 2025
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
anlakii
Credited to anlakii
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
jw123023 AndrzejBiernacki2010
Credited to jw123023 and AndrzejBiernacki2010
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Credited to levpachmanov
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3509 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Credited to levpachmanov
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
Credited to galbarnahum, AnatBB, and YanivRL
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
Credited to westonsteimel
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko reva
YukiInu fnxpt schmidt-fu tolmaidis LukaszGrzesik
Credited to aruneko, reva, YukiInu, fnxpt, schmidt-fu, tolmaidis, and LukaszGrzesik
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session High
CVE-2025-3526 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Jun 16, 2025
Liferay Portal does not limit the depth of a GraphQL queries High
CVE-2025-3602 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Jun 16, 2025
Undertow Uncontrolled Resource Consumption High
CVE-2021-3629 was published for io.undertow:undertow-core (Maven) May 25, 2022
nhakmiller
Credited to nhakmiller
org.ini4j allows attackers to cause a Denial of Service (DoS) High
CVE-2022-41404 was published for org.ini4j:ini4j (Maven) Oct 12, 2022
cx-eilon-cohen
Credited to cx-eilon-cohen
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit High
CVE-2025-1948 was published for org.eclipse.jetty.http2:jetty-http2-common (Maven) May 8, 2025
bjorncs
Credited to bjorncs
Undertow Uncontrolled Resource Consumption Vulnerability High
CVE-2024-1635 was published for io.undertow:undertow-core (Maven) Feb 20, 2024
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Credited to lirantal
Ignite Realtime Openfire vulnerable to XMPPbomb attack High
CVE-2014-2741 was published for org.igniterealtime.openfire:parent (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database