Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers High
GHSA-2m67-wjpj-xhg9 was published for tools.jackson.core:jackson-core (Maven) Apr 4, 2026
anyzy2003 Credited to anyzy2003, Adrian-Hirt, and pjfanning Adrian-Hirt Adrian-Hirt
pjfanning pjfanning
LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS High
CVE-2025-12183 was published for at.yawk.lz4:lz4-java (Maven) Nov 28, 2025
Marcono1234 Credited to Marcono1234 and pjfanning pjfanning pjfanning
QOS.CH logback-core Expression Language Injection vulnerability Moderate
CVE-2024-12798 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou Credited to HTHou, perexis, GoetzGoerisch, and pjfanning perexis perexis
GoetzGoerisch GoetzGoerisch pjfanning pjfanning
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou Credited to HTHou and pjfanning pjfanning pjfanning
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
pjfanning Credited to pjfanning
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft Credited to justintaft, securisec, JLLeitschuh, DmitriyLewen, yairmzr, and pjfanning securisec securisec
JLLeitschuh JLLeitschuh DmitriyLewen DmitriyLewen yairmzr yairmzr pjfanning pjfanning
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database