GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
High
CVE-2024-32652
was published
for
@hono/node-server
(npm)
Apr 19, 2024
Traefik vulnerable to denial of service with Content-length header
High
CVE-2024-28869
was published
for
github.com/traefik/traefik
(Go)
Apr 12, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
High
CVE-2023-6267
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Jan 25, 2024
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
GHSA-8rfx-6mr3-5jh3
was published
for
Newtonsoft.Json
(NuGet)
Jan 3, 2024
•
withdrawn
Unauthenticated Denial of Service in the octokit/webhooks library
High
CVE-2023-50728
was published
for
@octokit/app
(npm)
Dec 16, 2023
Calico Typha denial of service vulnerability
High
CVE-2023-41378
was published
for
github.com/projectcalico/calico
(Go)
Nov 6, 2023
Directus crashes on invalid WebSocket message
High
CVE-2023-45820
was published
for
directus
(npm)
Oct 19, 2023
go-merkledag's ProtoNode may be modified such that common method calls may panic
High
CVE-2022-23495
was published
for
github.com/ipfs/go-merkledag
(Go)
Dec 8, 2022
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
High
CVE-2022-23496
was published
for
nl.basjes.parse.useragent:yauaa
(Maven)
Dec 8, 2022
Traefik HTTP/2 connections management could cause a denial of service
High
CVE-2022-39271
was published
for
github.com/traefik/traefik/v2
(Go)
Oct 10, 2022
Denial of service due to incorrect application of event authorization rules
High
CVE-2022-31152
was published
for
matrix-synapse
(pip)
Aug 31, 2022
Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
CVE-2024-21907
was published
for
Newtonsoft.Json
(NuGet)
Jun 22, 2022
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2017-5664
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
XMLTooling Library Incorrectly Handles Some Exceptions
High
CVE-2019-9628
was published
for
org.opensaml:xmltooling
(Maven)
May 13, 2022
•
withdrawn
Denial of Service in http-swagger
High
CVE-2022-24863
was published
for
github.com/swaggo/http-swagger
(Go)
Apr 22, 2022
simpleSAMLphp incorrectly handles XML encryption
High
CVE-2011-4625
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift
High
CVE-2019-3564
was published
for
github.com/facebook/fbthrift
(Go)
Feb 15, 2022
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty
High
CVE-2020-5403
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Feb 10, 2022
Parse Server crashes with query parameter
High
CVE-2021-39187
was published
for
parse-server
(npm)
Sep 2, 2021
Improper Handling of Exceptional Conditions in detect-character-encoding
High
CVE-2021-39157
was published
for
detect-character-encoding
(npm)
Aug 25, 2021
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2021-30639
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Ory fosite contains Improper Handling of Exceptional Conditions
High
CVE-2020-15223
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
github.com/nats-io/nats-server Import token permissions checking not enforced
High
GHSA-j756-f273-xhp4
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
ProTip!
Advisories are also available from the
GraphQL API