GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
RDF4J vulnerable to zip slip
High
CVE-2018-20227
was published
for
org.eclipse.rdf4j:rdf4j
(Maven)
May 14, 2022
High severity vulnerability that affects io.vertx:vertx-web
High
CVE-2018-12540
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
Apache Geode vulnerable to Incorrect Authorization
High
CVE-2017-15695
was published
for
org.apache.geode:geode-core
(Maven)
May 13, 2022
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
High
CVE-2013-4221
was published
for
org.restlet.jse:org.restlet
(Maven)
May 17, 2022
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
High
CVE-2018-1258
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Spring Security vulnerable to Authorization Bypass
High
CVE-2018-15801
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 20, 2018
Apache Geronimo Application Server multiple directory traversal vulnerabilities
High
CVE-2008-5518
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 14, 2022
Commons FileUpload Denial of service vulnerability
High
CVE-2014-0050
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Improper certificate validation in org.apache.httpcomponents:httpclient
High
CVE-2012-6153
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
High
CVE-2013-1777
was published
for
org.apache.geronimo.framework:geronimo-jmx-remoting
(Maven)
May 17, 2022
Improper Control of Generation of Code in Apache Struts
High
CVE-2013-1965
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Arbitrary file write in Apache Commons Fileupload
High
CVE-2013-2186
was published
for
commons-fileupload:commons-fileupload
(Maven)
May 14, 2022
Missing XML Validation in Apache Xerces2
High
CVE-2013-4002
was published
for
xerces:xercesImpl
(Maven)
May 13, 2022
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-8030
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 16, 2018
Race condition in org.apache.hbase:hbase-thrift
High
CVE-2018-8025
was published
for
org.apache.hbase:hbase-thrift
(Maven)
Oct 18, 2018
Path Traversal in Hadoop
High
CVE-2018-8009
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Apache NiFi Improper Input Validation vulnerability
High
CVE-2018-17194
was published
for
org.apache.nifi:nifi-framework-cluster
(Maven)
Dec 20, 2018
Improper Certificate Validation in proton-j
High
CVE-2018-17187
was published
for
org.apache.qpid:proton-j
(Maven)
Nov 21, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High
CVE-2018-17186
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Issuer validation regression in Spring Cloud SSO Connector
High
CVE-2018-1256
was published
for
io.pivotal.spring.cloud:spring-cloud-sso-connector
(Maven)
May 13, 2022
High severity vulnerability that affects org.apache.syncope:syncope-core
High
CVE-2018-1321
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Improper Input Validation in Apache Thrift
High
CVE-2018-1320
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
High
CVE-2018-1308
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API