Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

205 advisories

Loading
Liferay Portal Vulnerable to DoS via Crafted Headless API Request High
CVE-2025-62260 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Bouncy Castle Vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-12194 was published for org.bouncycastle:bc-fips (Maven) Oct 25, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime faroukfaiz10
DuyTran-TomTom derekheld ebickle westonsteimel
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
ppkarwasz
Credited to ppkarwasz
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) and File Write High
CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) Mar 20, 2025
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint High
CVE-2024-10549 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Denial of service in jackson-dataformat-toml High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-toml (Maven) Aug 8, 2023
Mochis ryanmurf
Credited to Mochis and ryanmurf
Elasticsearch Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-52979 was published for org.elasticsearch:elasticsearch (Maven) May 1, 2025
Uncontrolled Resource Consumption in Spray JSON Moderate
CVE-2018-18855 was published for io.spray:spray-json_2.10 (Maven) Jun 28, 2022
Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack High
CVE-2025-43796 was published for com.liferay:com.liferay.portal.vulcan.api (Maven) Sep 12, 2025
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
anlakii
Credited to anlakii
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin High
CVE-2025-43772 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 4, 2025
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
anlakii
Credited to anlakii
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
jw123023 AndrzejBiernacki2010
Credited to jw123023 and AndrzejBiernacki2010
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Credited to levpachmanov
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3509 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Credited to levpachmanov
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2025-9341 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum AnatBB
YanivRL
Credited to galbarnahum, AnatBB, and YanivRL
Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability Low
CVE-2025-9092 was published for org.bouncycastle:bc-fips (Maven) Aug 16, 2025
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams Moderate
CVE-2025-53506 was published for org.apache.tomcat:tomcat-coyote (Maven) Jul 10, 2025
fabien-chebel
Credited to fabien-chebel
Apache Tomcat Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-54677 was published for org.apache.tomcat:tomcat-catalina (Maven) Dec 17, 2024
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel
Credited to westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database