Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,190
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,702
NuGet
656
pip
3,326
Pub
11
RubyGems
883
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
Improper exception handling in Aedes High
CVE-2020-13410 was published for aedes (npm) May 6, 2021
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List High
CVE-2022-23496 was published for nl.basjes.parse.useragent:yauaa (Maven) Dec 8, 2022
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty High
CVE-2020-5403 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
Parse Server crashes with query parameter High
CVE-2021-39187 was published for parse-server (npm) Sep 2, 2021
mstniy
Denial of Service (DoS) in restify-paginate High
CVE-2020-27543 was published for restify-paginate (npm) Apr 12, 2021
Improper Handling of Exceptional Conditions in detect-character-encoding High
CVE-2021-39157 was published for detect-character-encoding (npm) Aug 25, 2021
Denial of Service in soketi High
CVE-2022-21667 was published for @soketi/soketi (npm) Jan 8, 2022
Improper Handling of Exceptional Conditions in Apache Tomcat High
CVE-2021-30639 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
go-merkledag's ProtoNode may be modified such that common method calls may panic High
CVE-2022-23495 was published for github.com/ipfs/go-merkledag (Go) Dec 8, 2022
mrd0ll4r
Ory fosite contains Improper Handling of Exceptional Conditions High
CVE-2020-15223 was published for github.com/ory/fosite (Go) May 24, 2021
jclebreton
Denial of Service in axios High
CVE-2019-10742 was published for axios (npm) May 29, 2019
tdunlap607
Uncaught Exception in engine.io High
CVE-2022-21676 was published for engine.io (npm) Jan 13, 2022
marwej
Traefik HTTP/2 connections management could cause a denial of service High
CVE-2022-39271 was published for github.com/traefik/traefik/v2 (Go) Oct 10, 2022
XMLTooling Library Incorrectly Handles Some Exceptions High
CVE-2019-9628 was published for org.opensaml:xmltooling (Maven) May 13, 2022 withdrawn
njuneau-coveo twn
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources High
CVE-2021-28165 was published for org.eclipse.jetty:jetty-server (Maven) Apr 6, 2021
Directus crashes on invalid WebSocket message High
CVE-2023-45820 was published for directus (npm) Oct 19, 2023
nles
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
Unauthenticated Denial of Service in the octokit/webhooks library High
CVE-2023-50728 was published for @octokit/app (npm) Dec 16, 2023
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* High
CVE-2018-8039 was published for org.apache.cxf:apache-cxf (Maven) Oct 19, 2018
sunSUNQ
Improper Handling of Exceptional Conditions in Newtonsoft.Json High
CVE-2024-21907 was published for Newtonsoft.Json (NuGet) Jun 22, 2022
ezsilmar JamesNK
simpleSAMLphp incorrectly handles XML encryption High
CVE-2011-4625 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2022
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability High
CVE-2023-6267 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Jan 25, 2024
Improper Handling of Exceptional Conditions in Apache Tomcat High
CVE-2017-5664 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Denial of Service in http-swagger High
CVE-2022-24863 was published for github.com/swaggo/http-swagger (Go) Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database