Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,449 advisories

Loading
Cross-site Scripting in Apache UIMA Moderate
CVE-2018-8035 was published for org.apache.uima:uima-ducc-web (Maven) May 14, 2019
Cross-site scripting in Apache Archiva Moderate
CVE-2019-0213 was published for org.apache.archiva:archiva (Maven) May 14, 2019
Improper Input Validation in Apache Archiva Moderate
CVE-2019-0214 was published for org.apache.archiva:archiva (Maven) May 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak Moderate
CVE-2019-3868 was published for org.keycloak:keycloak-core (Maven) Apr 30, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Rudloff
Cross-site Scripting in Apache Zeppelin Moderate
CVE-2018-1328 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Information Exposure vulnerability in Eclipse Jetty Moderate
CVE-2019-10246 was published for org.eclipse.jetty:jetty-server (Maven) Apr 23, 2019
Installation information leak in Eclipse Jetty Moderate
CVE-2019-10247 was published for org.eclipse.jetty:jetty-server (Maven) Apr 23, 2019
Cross-site Scripting in Eclipse Jetty Moderate
CVE-2019-10241 was published for org.eclipse.jetty:jetty-server (Maven) Apr 23, 2019
Duplicate Advisory: Prototype Pollution in jquery Moderate
CVE-2019-5428 was published for jquery (RubyGems) Apr 23, 2019 withdrawn
kurt-r2c
Missing Encryption of Sensitive Data in arrow-kt Arrow Moderate
CVE-2019-11404 was published for io.arrow-kt:arrow-ank-gradle (Maven) Apr 22, 2019
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core Moderate
GHSA-r53m-pfr5-7v87 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 18, 2019 withdrawn
Spring Security uses insufficiently random values Moderate
CVE-2019-3795 was published for org.springframework.security:spring-security-core (Maven) Apr 16, 2019
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main Moderate
CVE-2019-0224 was published for org.apache.jspwiki:jspwiki-main (Maven) Apr 2, 2019
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf Moderate
CVE-2019-0191 was published for org.apache.karaf:apache-karaf (Maven) Mar 25, 2019
Apache Commons Compress vulnerable to denial of service due to infinite loop Moderate
CVE-2018-1324 was published for com.liferay:com.liferay.portal.tools.bundle.support (Maven) Mar 14, 2019
wtwhite MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL Moderate
CVE-2018-8024 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service Moderate
CVE-2017-12625 was published for org.apache.hive:hive (Maven) Mar 14, 2019
spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability Moderate
CVE-2019-3778 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Mar 14, 2019
davidsnt
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle Moderate
CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) Mar 14, 2019
Moderate severity vulnerability that affects org.b3log:symphony Moderate
CVE-2019-9142 was published for org.b3log:symphony (Maven) Mar 6, 2019
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Cross-site Scripting in jspwiki-war Moderate
CVE-2018-20242 was published for org.apache.jspwiki:jspwiki-war (Maven) Feb 12, 2019
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database