Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

349 advisories

Loading
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters Low
CVE-2018-7537 was published for django (pip) Jan 4, 2019
sunSUNQ
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Apache ActiveMQ web console vulnerable to Cross-site Scripting Moderate
CVE-2018-8006 was published for org.apache.activemq:activemq-web-console (Maven) Oct 30, 2018
sunSUNQ
Improper Certificate Validation in Apache activemq-client High
CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) Oct 19, 2018
sunSUNQ
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* High
CVE-2018-8039 was published for org.apache.cxf:apache-cxf (Maven) Oct 19, 2018
sunSUNQ
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass Critical
CVE-2017-17485 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution Critical
CVE-2017-15095 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018
sunSUNQ
Spring Security and Spring Framework may not recognize certain paths that should be protected High
CVE-2016-5007 was published for org.springframework.security:spring-security-core (Maven) Oct 17, 2018
sunSUNQ
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Pivotal Spring Framework DoS Attack with XML Input Moderate
CVE-2015-3192 was published for org.springframework:spring-web (Maven) Oct 17, 2018
sunSUNQ
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2015-0201 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Improperly Implemented Security Check for Standard in org.springframework:spring-core Critical
CVE-2018-1275 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Path Traversal in org.springframework:spring-core Moderate
CVE-2018-1271 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Denial of Service in org.springframework:spring-core Moderate
CVE-2018-1257 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core Moderate
CVE-2018-1199 was published for org.springframework.security:spring-security-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat Race Condition vulnerability Moderate
CVE-2018-8037 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
The host name verification missing in Apache Tomcat High
CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins Critical
CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder High
CVE-2018-1336 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat information exposure vulnerability Moderate
CVE-2018-1305 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat unauthorized access vulnerability Moderate
CVE-2018-1304 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat Open Redirect vulnerability Moderate
CVE-2018-11784 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database