Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,406
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
The Eclipse Jetty Server Artifact has a Gzip request memory leak High
CVE-2026-1605 was published for org.eclipse.jetty:jetty-server (Maven) Mar 5, 2026
glebashnik Credited to glebashnik and bjorncs bjorncs bjorncs
Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner Low
CVE-2026-3293 was published for net.snowflake:snowflake-jdbc (Maven) Feb 27, 2026
MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation High
CVE-2026-21452 was published for org.msgpack:msgpack-core (Maven) Jan 5, 2026
HyperPS Credited to HyperPS
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function Low
CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025
TechPizzaDev Credited to TechPizzaDev
Liferay Portal Vulnerable to DoS via Crafted Headless API Request High
CVE-2025-62260 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
Bouncy Castle Vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-12194 was published for org.bouncycastle:bc-fips (Maven) Oct 25, 2025
Liferay Portal: Missing Rate Limiting in GraphQL Endpoint Enables Resource Exhaustion Attack High
CVE-2025-43796 was published for com.liferay:com.liferay.portal.vulcan.api (Maven) Sep 12, 2025
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
lukestephenson-zendesk Credited to lukestephenson-zendesk
Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin High
CVE-2025-43772 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 4, 2025
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2025-9341 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
Eclipse Jetty affected by MadeYouReset HTTP/2 vulnerability High
CVE-2025-5115 was published for org.eclipse.jetty.http2:http2-common (Maven) Aug 20, 2025
galbarnahum Credited to galbarnahum, AnatBB, and YanivRL AnatBB AnatBB
YanivRL YanivRL
Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability Low
CVE-2025-9092 was published for org.bouncycastle:bc-fips (Maven) Aug 16, 2025
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged Moderate
CVE-2025-48795 was published for org.apache.cxf:cxf-core (Maven) Jul 15, 2025
pavelarnost Credited to pavelarnost
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams High
CVE-2025-53506 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 10, 2025
fabien-chebel Credited to fabien-chebel and westonsteimel westonsteimel westonsteimel
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session High
CVE-2025-3526 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Jun 16, 2025
Liferay Portal does not limit the depth of a GraphQL queries High
CVE-2025-3602 was published for com.liferay:com.liferay.portal.vulcan.impl (Maven) Jun 16, 2025
Apache Commons Configuration Uncontrolled Resource Consumption Low
CVE-2025-46392 was published for commons-configuration:commons-configuration (Maven) May 9, 2025
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit High
CVE-2025-1948 was published for org.eclipse.jetty.http2:jetty-http2-common (Maven) May 8, 2025
bjorncs Credited to bjorncs
Elasticsearch Uncontrolled Resource Consumption Vulnerability Moderate
CVE-2024-52979 was published for org.elasticsearch:elasticsearch (Maven) May 1, 2025
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3986 was published for org.apereo.cas:cas-server-core-configuration-metadata-repository (Maven) Apr 27, 2025
Apereo CAS has inefficient regular expression complexity Moderate
CVE-2025-3985 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion Moderate
CVE-2024-52981 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
AnonySE26 Credited to AnonySE26
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function Moderate
CVE-2024-52980 was published for org.elasticsearch:elasticsearch (Maven) Apr 8, 2025
AnonySE26 Credited to AnonySE26
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint High
CVE-2024-7768 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database