GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
High
CVE-2023-6267
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Jan 25, 2024
OpenStack Neutron's unsupported dport option prevents applying security groups
High
CVE-2019-9735
was published
for
neutron
(pip)
May 13, 2022
Denial of service due to incorrect application of event authorization rules
High
CVE-2022-31152
was published
for
matrix-synapse
(pip)
Aug 31, 2022
ecdsa Denial of Service vulnerability in signature verification and signature malleability
High
CVE-2019-14853
was published
for
ecdsa
(pip)
Oct 8, 2019
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
GHSA-8rfx-6mr3-5jh3
was published
for
Newtonsoft.Json
(NuGet)
Jan 3, 2024
•
withdrawn
Apache Tomcat - Denial of Service
High
CVE-2024-34750
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 3, 2024
github.com/nats-io/nats-server Import token permissions checking not enforced
High
GHSA-j756-f273-xhp4
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
High
CVE-2024-32652
was published
for
@hono/node-server
(npm)
Apr 19, 2024
Traefik vulnerable to denial of service with Content-length header
High
CVE-2024-28869
was published
for
github.com/traefik/traefik
(Go)
Apr 12, 2024
Denial of Service in http-swagger
High
CVE-2022-24863
was published
for
github.com/swaggo/http-swagger
(Go)
Apr 22, 2022
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2017-5664
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
simpleSAMLphp incorrectly handles XML encryption
High
CVE-2011-4625
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2022
Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
CVE-2024-21907
was published
for
Newtonsoft.Json
(NuGet)
Jun 22, 2022
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*
High
CVE-2018-8039
was published
for
org.apache.cxf:apache-cxf
(Maven)
Oct 19, 2018
Unauthenticated Denial of Service in the octokit/webhooks library
High
CVE-2023-50728
was published
for
@octokit/app
(npm)
Dec 16, 2023
Calico Typha denial of service vulnerability
High
CVE-2023-41378
was published
for
github.com/projectcalico/calico
(Go)
Nov 6, 2023
Directus crashes on invalid WebSocket message
High
CVE-2023-45820
was published
for
directus
(npm)
Oct 19, 2023
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
High
CVE-2021-28165
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 6, 2021
Improper Input Validation and Excessive Iteration in Go Facebook Thrift
High
CVE-2019-3564
was published
for
github.com/facebook/fbthrift
(Go)
Feb 15, 2022
XMLTooling Library Incorrectly Handles Some Exceptions
High
CVE-2019-9628
was published
for
org.opensaml:xmltooling
(Maven)
May 13, 2022
•
withdrawn
Traefik HTTP/2 connections management could cause a denial of service
High
CVE-2022-39271
was published
for
github.com/traefik/traefik/v2
(Go)
Oct 10, 2022
Ory fosite contains Improper Handling of Exceptional Conditions
High
CVE-2020-15223
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
ProTip!
Advisories are also available from the
GraphQL API