GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Server Side Request Forgery in Apache Axis
High
CVE-2019-0227
was published
for
axis:axis
(Maven)
May 14, 2019
Observable Differences in Behavior to Error Inputs in Bouncy Castle
Moderate
CVE-2020-26939
was published
for
org.bouncycastle:bc-fips
(Maven)
Apr 22, 2021
Denial of service in Spring Security OAuth2
Moderate
CVE-2022-22969
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Apr 22, 2022
Improper Certificate Validation in Apache Commons HttpClient
Moderate
CVE-2012-5783
was published
for
commons-httpclient:commons-httpclient
(Maven)
May 13, 2022
Denial of service in Apache Struts
Moderate
CVE-2016-3093
was published
for
ognl:ognl
(Maven)
May 17, 2022
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Critical
CVE-2023-40743
was published
for
axis:axis
(Maven)
Sep 5, 2023
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
Ion Java StackOverflow vulnerability
High
CVE-2024-21634
was published
for
com.amazon.ion:ion-java
(Maven)
Jan 3, 2024
Apache Axis Improper Input Validation vulnerability
High
CVE-2023-51441
was published
for
axis:axis
(Maven)
Jan 6, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT
High
CVE-2023-52428
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Feb 11, 2024
Withdrawn: JJWT improperly generates signing keys
Moderate
CVE-2024-31033
was published
for
io.jsonwebtoken:jjwt-impl
(Maven)
Apr 1, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API