Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,361
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
Denial of service in github.com/buger/jsonparser High
CVE-2026-32285 was published for github.com/buger/jsonparser (Go) Mar 18, 2026
westonsteimel Credited to westonsteimel
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams High
CVE-2025-53506 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 10, 2025
fabien-chebel Credited to fabien-chebel and westonsteimel westonsteimel westonsteimel
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits High
CVE-2025-52520 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 10, 2025
westonsteimel Credited to westonsteimel
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Critical
CVE-2025-24813 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 10, 2025
westonsteimel Credited to westonsteimel and xuanzern xuanzern xuanzern
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination High
CVE-2024-10039 was published for org.keycloak:keycloak-core (Maven) Nov 25, 2024
ahus1 Credited to ahus1 and westonsteimel westonsteimel westonsteimel
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
westonsteimel Credited to westonsteimel
Hashicorp Vault vulnerable to denial of service through memory exhaustion High
CVE-2024-8185 was published for github.com/hashicorp/vault (Go) Oct 31, 2024
westonsteimel Credited to westonsteimel
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder Moderate
CVE-2024-25112 was published for exiv2 (pip) Oct 17, 2024
westonsteimel Credited to westonsteimel
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder Moderate
CVE-2024-24826 was published for exiv2 (pip) Oct 17, 2024
westonsteimel Credited to westonsteimel
Vault Community Edition privilege escalation vulnerability High
CVE-2024-9180 was published for github.com/hashicorp/vault (Go) Oct 10, 2024
westonsteimel Credited to westonsteimel
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability Moderate
CVE-2024-28168 was published for org.apache.xmlgraphics:fop-core (Maven) Oct 9, 2024
westonsteimel Credited to westonsteimel
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
westonsteimel Credited to westonsteimel and cipherboy cipherboy cipherboy
Authz zero length regression Critical
CVE-2024-41110 was published for github.com/docker/docker (Go) Jul 30, 2024
corhere Credited to corhere, westonsteimel, and debasishbsws westonsteimel westonsteimel
debasishbsws debasishbsws
Apache Wicket: Remote code execution via XSLT injection High
CVE-2024-36522 was published for org.apache.wicket:wicket-util (Maven) Jul 12, 2024
westonsteimel Credited to westonsteimel
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2024-6468 was published for github.com/hashicorp/vault (Go) Jul 11, 2024
westonsteimel Credited to westonsteimel
Apache Tomcat - Denial of Service High
CVE-2024-34750 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 3, 2024
westonsteimel Credited to westonsteimel
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests Moderate
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 13, 2024
oscerd Credited to oscerd and westonsteimel westonsteimel westonsteimel
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel Credited to westonsteimel
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping High
CVE-2024-27936 was published for deno (Rust) Mar 5, 2024
Ry0taK Credited to Ry0taK and westonsteimel westonsteimel westonsteimel
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users High
CVE-2024-23320 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Feb 23, 2024
westonsteimel Credited to westonsteimel
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project Low
CVE-2024-20925 was published for org.openjfx:javafx-media (Maven) Feb 17, 2024
westonsteimel Credited to westonsteimel
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel Credited to westonsteimel
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel Credited to westonsteimel
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50771 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel Credited to westonsteimel
HTTP/2 Stream Cancellation Attack Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023
joakime Credited to joakime, faroukfaiz10, DuyTran-TomTom, derekheld, ebickle, and westonsteimel faroukfaiz10 faroukfaiz10
DuyTran-TomTom DuyTran-TomTom derekheld derekheld ebickle ebickle westonsteimel westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database