GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
280 advisories
Filter by severity
Race condition in org.apache.hbase:hbase-thrift
High
CVE-2018-8025
was published
for
org.apache.hbase:hbase-thrift
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Moderate
CVE-2017-12631
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Critical
CVE-2018-1275
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Path Traversal in org.springframework:spring-core
Moderate
CVE-2018-1271
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
High
CVE-2018-1258
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Denial of Service in org.springframework:spring-core
Moderate
CVE-2018-1257
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Remote code execution occurs in Apache Solr
Critical
CVE-2017-12629
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
Moderate
CVE-2018-8010
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
High
CVE-2018-1308
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
XML external entity expansion in org.apache.solr:solr-core
Moderate
CVE-2018-8026
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
High
CVE-2018-1274
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate
CVE-2018-12544
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
High severity vulnerability that affects io.vertx:vertx-web
High
CVE-2018-12540
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
Comparison errorr in org.apache.tika:tika-core
Moderate
CVE-2018-8017
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Critical
CVE-2016-6809
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Improper certificate validation in org.apache.httpcomponents:httpclient
High
CVE-2012-6153
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate
CVE-2014-3577
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Code execution via deserialization in org.apache.ignite:ignite-core
Critical
CVE-2018-8018
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-8030
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 16, 2018
ZipSlip in org.apache.storm:storm-core
Moderate
CVE-2018-8008
was published
for
org.apache.storm:storm-core
(Maven)
Oct 16, 2018
Django vulnerable to information leakage in AuthenticationForm
High
CVE-2018-6188
was published
for
Django
(pip)
Oct 3, 2018
ProTip!
Advisories are also available from the
GraphQL API