GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
24 advisories

UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High • CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018

Out-of-bounds Write in Play Framework
High • CVE-2020-27196 was published for com.typesafe.play:play (Maven) Feb 10, 2022

Out of bounds read in json-smart
High • CVE-2021-31684 was published for net.minidev:json-smart (Maven) Feb 10, 2022

Deeply nested json in jackson-databind
High • CVE-2020-36518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 12, 2022

protobuf susceptible to buffer overflow
High • CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022

Uncontrolled Recursion in Akka HTTP
High • CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022

Denial of Service due to parser crash
High • CVE-2022-40153 was published for com.fasterxml.woodstox:woodstox-core (Maven) Sep 17, 2022 • withdrawn

json stack overflow vulnerability
High • CVE-2022-45688 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022

Jettison Out-of-bounds Write vulnerability
High • CVE-2022-45685 was published for org.codehaus.jettison:jettison (Maven) Dec 13, 2022

Jettison Out-of-bounds Write vulnerability
High • CVE-2022-45693 was published for org.codehaus.jettison:jettison (Maven) Dec 13, 2022

XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High • CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022

Unrestricted recursion in htmlunit
High • CVE-2023-2798 was published for org.htmlunit:htmlunit (Maven) May 25, 2023

htmlcleaner vulnerable to stack exhaustion
High • CVE-2023-34624 was published for net.sourceforge.htmlcleaner:htmlcleaner (Maven) Jun 14, 2023

genson vulnerable to stack exhaustion
High • CVE-2023-34617 was published for com.owlike:genson (Maven) Jun 14, 2023

hjson stack exhaustion vulnerability
High • CVE-2023-34620 was published for org.hjson:hjson (Maven) Jun 14, 2023

ph-json vulnerable to stack exhaustion
High • CVE-2023-34612 was published for com.helger.commons:ph-json (Maven) Jun 14, 2023

json-io vulnerable to stack exhaustion
High • CVE-2023-34610 was published for com.cedarsoftware:json-io (Maven) Jun 14, 2023

sojo vulnerable to stack exhaustion
High • CVE-2023-34613 was published for net.sf.sojo:sojo (Maven) Jun 14, 2023

pbjson vulnerable to stack exhaustion
High • CVE-2023-34616 was published for com.progsbase.libraries:JSON (Maven) Jun 14, 2023

jsonij vulnerable to stack exhaustion
High • CVE-2023-34614 was published for cc.plural:jsonij (Maven) Jun 14, 2023

jjson vulnerable to stack exhaustion
High • CVE-2023-35110 was published for de.grobmeier.json:jjson (Maven) Jun 14, 2023

Denial of service in jackson-dataformats-text
High • CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformats-text (Maven) Aug 8, 2023

hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
High • CVE-2023-51080 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023

Decompressors can crash the JVM and leak memory content in Aircompressor
High • CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024

ProTip! Advisories are also available from the GraphQL API