GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High
CVE-2018-11778
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Uncontrolled Recursion in Akka HTTP
High
CVE-2021-42697
was published
for
com.typesafe.akka:akka-http
(Maven)
May 24, 2022
Jettison Out-of-bounds Write vulnerability
High
CVE-2022-45693
was published
for
org.codehaus.jettison:jettison
(Maven)
Dec 13, 2022
Jettison Out-of-bounds Write vulnerability
High
CVE-2022-45685
was published
for
org.codehaus.jettison:jettison
(Maven)
Dec 13, 2022
Denial of Service due to parser crash
High
CVE-2022-40153
was published
for
com.fasterxml.woodstox:woodstox-core
(Maven)
Sep 17, 2022
•
withdrawn
Out-of-bounds Write in Play Framework
High
CVE-2020-27196
was published
for
com.typesafe.play:play
(Maven)
Feb 10, 2022
genson vulnerable to stack exhaustion
High
CVE-2023-34617
was published
for
com.owlike:genson
(Maven)
Jun 14, 2023
Denial of service in jackson-dataformats-text
High
CVE-2023-3894
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformats-text
(Maven)
Aug 8, 2023
Unrestricted recursion in htmlunit
High
CVE-2023-2798
was published
for
org.htmlunit:htmlunit
(Maven)
May 25, 2023
ph-json vulnerable to stack exhaustion
High
CVE-2023-34612
was published
for
com.helger.commons:ph-json
(Maven)
Jun 14, 2023
sojo vulnerable to stack exhaustion
High
CVE-2023-34613
was published
for
net.sf.sojo:sojo
(Maven)
Jun 14, 2023
hjson stack exhaustion vulnerability
High
CVE-2023-34620
was published
for
org.hjson:hjson
(Maven)
Jun 14, 2023
jjson vulnerable to stack exhaustion
High
CVE-2023-35110
was published
for
de.grobmeier.json:jjson
(Maven)
Jun 14, 2023
pbjson vulnerable to stack exhaustion
High
CVE-2023-34616
was published
for
com.progsbase.libraries:JSON
(Maven)
Jun 14, 2023
jsonij vulnerable to stack exhaustion
High
CVE-2023-34614
was published
for
cc.plural:jsonij
(Maven)
Jun 14, 2023
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
High
CVE-2023-51080
was published
for
cn.hutool:hutool-core
(Maven)
Dec 27, 2023
Deeply nested json in jackson-databind
High
CVE-2020-36518
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Mar 12, 2022
json stack overflow vulnerability
High
CVE-2022-45688
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
Decompressors can crash the JVM and leak memory content in Aircompressor
High
CVE-2024-36114
was published
for
io.airlift:aircompressor
(Maven)
Jun 2, 2024
htmlcleaner vulnerable to stack exhaustion
High
CVE-2023-34624
was published
for
net.sourceforge.htmlcleaner:htmlcleaner
(Maven)
Jun 14, 2023
Out of bounds read in json-smart
High
CVE-2021-31684
was published
for
net.minidev:json-smart
(Maven)
Feb 10, 2022
protobuf susceptible to buffer overflow
High
CVE-2015-5237
was published
for
Google.Protobuf
(Composer)
May 13, 2022
json-io vulnerable to stack exhaustion
High
CVE-2023-34610
was published
for
com.cedarsoftware:json-io
(Maven)
Jun 14, 2023
ProTip!
Advisories are also available from the
GraphQL API