Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,351
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Filter by severity
All severities
Low
Moderate
High
Critical
Loading
Withdrawn: JJWT improperly generates signing keys Moderate
CVE-2024-31033 was published for io.jsonwebtoken:jjwt-impl (Maven) Apr 1, 2024 withdrawn
ebickle
Credited to ebickle
Denial of service while parsing a tar file due to lack of folders count validation Moderate
CVE-2024-28863 was published for node-tar (npm) Mar 22, 2024
DEMON1AAlmogApiiro
ebickle
Credited to DEMON1A, AlmogApiiro, and ebickle
Denial of Service in Connect2id Nimbus JOSE+JWT High
CVE-2023-52428 was published for com.nimbusds:nimbus-jose-jwt (Maven) Feb 11, 2024
ebickle
Credited to ebickle
Apache Axis Improper Input Validation vulnerability High
CVE-2023-51441 was published for axis:axis (Maven) Jan 6, 2024
ebickle
Credited to ebickle
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Credited to ebickle
Bouncy Castle Denial of Service (DoS) Moderate
CVE-2023-33202 was published for org.bouncycastle:bcpkix-jdk18on (Maven) Nov 23, 2023
ind-teamebickle
mpihelgas
Credited to ind-team, ebickle, and mpihelgas
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code Critical
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
SteakEnthusiastashdude1401
nicolo-ribaudoApetree100122ebickle
Credited to SteakEnthusiast, ashdude1401, nicolo-ribaudo, Apetree100122, and ebickle
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakimefaroukfaiz10
DuyTran-TomTomderekheldebicklewestonsteimel
Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindaleebickle
Credited to jkmartindale and ebickle
Denial of service in Apache Struts Moderate
CVE-2016-3093 was published for ognl:ognl (Maven) May 17, 2022
ebickle
Credited to ebickle
Improper Certificate Validation in Apache Commons HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
Credited to ebickle
Denial of service in Spring Security OAuth2 Moderate
CVE-2022-22969 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Apr 22, 2022
ebickleSunBK201
Credited to ebickle and SunBK201
Command Injection in lodash High
CVE-2021-23337 was published for lodash (RubyGems) May 6, 2021
mitchell-codecovnitaiapiiro
ebickleG-Rath
Credited to mitchell-codecov, nitaiapiiro, ebickle, and G-Rath
Observable Differences in Behavior to Error Inputs in Bouncy Castle Moderate
CVE-2020-26939 was published for org.bouncycastle:bc-fips (Maven) Apr 22, 2021
ebickle
Credited to ebickle
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
Credited to ebickle
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
Credited to ebickle
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* High
CVE-2018-8039 was published for org.apache.cxf:apache-cxf (Maven) Oct 19, 2018
sunSUNQebickle
Credited to sunSUNQ and ebickle
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database