GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Improper Input Validation in PyYAML
Critical
CVE-2020-1747
was published
for
pyyaml
(pip)
Apr 20, 2021
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Denial of service in Spring Framework
High
CVE-2022-22970
was published
for
org.springframework:spring-beans
(Maven)
May 13, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework
Moderate
CVE-2022-22971
was published
for
org.springframework:spring-messaging
(Maven)
May 13, 2022
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jquery-validation
(npm)
Jun 3, 2022
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
python-multipart vulnerable to Content-Type Header ReDoS
High
CVE-2024-24762
was published
for
python-multipart
(pip)
Feb 12, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
High
GHSA-mmwx-rj87-vfgr
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
High
GHSA-crjg-w57m-rqqf
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
ProTip!
Advisories are also available from the
GraphQL API