Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
Denial of Service in Elasticsearch Moderate
CVE-2021-22144 was published for org.elasticsearch:elasticsearch (Maven) Aug 9, 2021
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion High
CVE-2021-45105 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2021
chrisbloom7 levinebw
Uncontrolled Recursion in Play Framework High
CVE-2020-26883 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Data Amplification in Play Framework High
CVE-2020-26882 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Logic error in Apache Pinot High
CVE-2022-23974 was published for org.apache.pinot:pinot (Maven) Apr 6, 2022
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS Moderate
CVE-2019-1003011 was published for org.jenkins-ci.plugins:token-macro (Maven) May 13, 2022
Apache ORC vulnerable to Uncontrolled Recursion High
CVE-2018-8015 was published for org.apache.orc:orc (Maven) May 13, 2022
Uncontrolled Recursion in Akka HTTP High
CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022
Jettison memory exhaustion High
CVE-2022-40150 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
HAProxyMessageDecoder Stack Exhaustion DoS Moderate
CVE-2022-41881 was published for io.netty:netty-codec-haproxy (Maven) Dec 12, 2022
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
Jettison vulnerable to infinite recursion High
CVE-2023-1436 was published for org.codehaus.jettison:jettison (Maven) Mar 22, 2023
json-smart Uncontrolled Recursion vulnerabilty High
CVE-2023-1370 was published for net.minidev:json-smart (Maven) Mar 23, 2023
Karate has vulnerable dependency on json-smart package (CVE-2023-1370) High
GHSA-5x5q-8cgm-2hjq was published for com.intuit.karate:karate-core (Maven) Mar 31, 2023
kdefives
Undertow Denial of Service vulnerability High
CVE-2024-5971 was published for io.undertow:undertow-core (Maven) Jul 8, 2024
fawind
ProTip! Advisories are also available from the GraphQL API