Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High
CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Uncontrolled Recursion in Akka HTTP High
CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022
Jettison Out-of-bounds Write vulnerability High
CVE-2022-45693 was published for org.codehaus.jettison:jettison (Maven) Dec 13, 2022
Jettison Out-of-bounds Write vulnerability High
CVE-2022-45685 was published for org.codehaus.jettison:jettison (Maven) Dec 13, 2022
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
Denial of Service due to parser crash High
CVE-2022-40153 was published for com.fasterxml.woodstox:woodstox-core (Maven) Sep 17, 2022 withdrawn
Out-of-bounds Write in Play Framework High
CVE-2020-27196 was published for com.typesafe.play:play (Maven) Feb 10, 2022
genson vulnerable to stack exhaustion High
CVE-2023-34617 was published for com.owlike:genson (Maven) Jun 14, 2023
Denial of service in jackson-dataformats-text High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformats-text (Maven) Aug 8, 2023
Mochis
Unrestricted recursion in htmlunit High
CVE-2023-2798 was published for org.htmlunit:htmlunit (Maven) May 25, 2023
hjson stack exhaustion vulnerability High
CVE-2023-34620 was published for org.hjson:hjson (Maven) Jun 14, 2023
jjson vulnerable to stack exhaustion High
CVE-2023-35110 was published for de.grobmeier.json:jjson (Maven) Jun 14, 2023
sojo vulnerable to stack exhaustion High
CVE-2023-34613 was published for net.sf.sojo:sojo (Maven) Jun 14, 2023
ph-json vulnerable to stack exhaustion High
CVE-2023-34612 was published for com.helger.commons:ph-json (Maven) Jun 14, 2023
pbjson vulnerable to stack exhaustion High
CVE-2023-34616 was published for com.progsbase.libraries:JSON (Maven) Jun 14, 2023
json-io vulnerable to stack exhaustion High
CVE-2023-34610 was published for com.cedarsoftware:json-io (Maven) Jun 14, 2023
jsonij vulnerable to stack exhaustion High
CVE-2023-34614 was published for cc.plural:jsonij (Maven) Jun 14, 2023
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method High
CVE-2023-51080 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023
henrikplate
Deeply nested json in jackson-databind High
CVE-2020-36518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 12, 2022
farbeiza-enverus stickycode
mr-c victornoel guima Zeouterlimits joschi JoshDM sunSUNQ
json stack overflow vulnerability High
CVE-2022-45688 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
westonsteimel aruneko
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
htmlcleaner vulnerable to stack exhaustion High
CVE-2023-34624 was published for net.sourceforge.htmlcleaner:htmlcleaner (Maven) Jun 14, 2023
onmyquest
Out of bounds read in json-smart High
CVE-2021-31684 was published for net.minidev:json-smart (Maven) Feb 10, 2022
afdesk
Eclipse Parsson stack overflow when parsing deeply nested input High
CVE-2023-7272 was published for org.eclipse.parsson:parsson (Maven) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API