GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
56 advisories
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High • CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) • Oct 17, 2018

Reflected Cross-site Scripting (XSS) in ACS Commons
Moderate • CVE-2021-21043 was published for com.adobe.acs:acs-aem-commons (Maven) • May 13, 2021

Out-of-bounds Write in iText
Moderate • CVE-2022-24197 was published for com.itextpdf:itext7-core (Maven) • Feb 2, 2022

Out-of-bounds Write in Play Framework
High • CVE-2020-27196 was published for com.typesafe.play:play (Maven) • Feb 10, 2022

Out of bounds read in json-smart
High • CVE-2021-31684 was published for net.minidev:json-smart (Maven) • Feb 10, 2022

Deeply nested json in jackson-databind
High • CVE-2020-36518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) • Mar 12, 2022

protobuf susceptible to buffer overflow
High • CVE-2015-5237 was published for Google.Protobuf (Composer) • May 13, 2022

Uncontrolled Recursion in Akka HTTP
High • CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) • May 24, 2022

Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2
Critical • CVE-2021-37404 was published for org.apache.hadoop:hadoop-common (Maven) • Jun 14, 2022

org.apache.activemq:artemis-core-client Vulnerable to Out-of-Bounds Write
Moderate • CVE-2021-4040 was published for org.apache.activemq:artemis-core-client (Maven) • Aug 25, 2022

snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Moderate • CVE-2022-38749 was published for be.cylab:snakeyaml (Maven) • Sep 6, 2022

snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Moderate • CVE-2022-38750 was published for org.yaml:snakeyaml (Maven) • Sep 6, 2022

snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write
Moderate • CVE-2022-38752 was published for org.yaml:snakeyaml (Maven) • Sep 6, 2022

snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Moderate • CVE-2022-38751 was published for org.yaml:snakeyaml (Maven) • Sep 6, 2022

Jettison parser crash by stackoverflow
Moderate • CVE-2022-40149 was published for org.codehaus.jettison:jettison (Maven) • Sep 17, 2022

Denial of Service via stack overflow
Low • CVE-2022-40154 was published for com.fasterxml.woodstox:woodstox-core (Maven) • Sep 17, 2022 • withdrawn

Denial of Service via stack overflow
Low • CVE-2022-40155 was published for com.fasterxml.woodstox:woodstox-core (Maven) • Sep 17, 2022 • withdrawn

Denial of Service due to parser crash
High • CVE-2022-40153 was published for com.fasterxml.woodstox:woodstox-core (Maven) • Sep 17, 2022 • withdrawn

JXPath Out-of-bounds Write vulnerability
Moderate • CVE-2022-40160 was published for commons-jxpath:commons-jxpath (Maven) • Oct 6, 2022 • withdrawn

JXPath Out-of-bounds Write vulnerability
Moderate • CVE-2022-40158 was published for commons-jxpath:commons-jxpath (Maven) • Oct 6, 2022 • withdrawn

JXPath Out-of-bounds Write vulnerability
Moderate • CVE-2022-40157 was published for commons-jxpath:commons-jxpath (Maven) • Oct 6, 2022 • withdrawn

JXPath Out-of-bounds Write vulnerability
Moderate • CVE-2022-40159 was published for commons-jxpath:commons-jxpath (Maven) • Oct 6, 2022 • withdrawn

JXPath Out-of-bounds Write vulnerability
Moderate • CVE-2022-40161 was published for commons-jxpath:commons-jxpath (Maven) • Oct 6, 2022 • withdrawn

Apache Commons BCEL vulnerable to out-of-bounds write
Critical • CVE-2022-42920 was published for org.apache.bcel:bcel (Maven) • Nov 7, 2022

Snakeyaml vulnerable to Stack overflow leading to denial of service
Moderate • CVE-2022-41854 was published for org.yaml:snakeyaml (Maven) • Nov 11, 2022

ProTip! Advisories are also available from the GraphQL API