GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
250 advisories
Filter by severity
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Negative charge in shopping cart in Shopizer
Critical
CVE-2020-11007
was published
for
com.shopizer:sm-core-model
(Maven)
Apr 22, 2020
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Critical
CVE-2017-7676
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
The REST Plugin in Apache Struts is using an outdated XStream library
High
CVE-2017-9793
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
Denial of service in XStream
High
CVE-2017-7957
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Improper Input Validation in async-http-client
High
CVE-2017-14063
was published
for
org.asynchttpclient:async-http-client
(Maven)
Oct 19, 2018
Vulnerability in RPKI manifest validation
High
GHSA-q76j-58cx-wp5v
was published
for
net.ripe.rpki:rpki-validator-3
(Maven)
Nov 13, 2020
Man-in-the-middle attack in Apache Axis
Moderate
CVE-2012-5784
was published
for
axis:axis
(Maven)
Oct 7, 2020
Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate
GHSA-82mf-mmh7-hxp5
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Improper Input Validation in Mortbay Jetty
Moderate
CVE-2006-2759
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Improper input validation in Mort Bay Jetty
High
CVE-2009-4611
was published
for
org.mortbay.jetty:jetty
(Maven)
May 2, 2022
Improper Input Validation in BeanShell
High
CVE-2016-2510
was published
for
org.apache-extras.beanshell:bsh
(Maven)
May 13, 2022
Improper Input Validation in Jenkins
High
CVE-2017-1000391
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Input Validation in Apache Hadoop
High
CVE-2017-3162
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 13, 2022
Improper Input Validation in Apache Struts
High
CVE-2016-1181
was published
for
org.apache.struts:struts-core
(Maven)
May 13, 2022
Improper Input Validation in Apache Axis2
Moderate
CVE-2012-5785
was published
for
org.apache.axis2:axis2
(Maven)
May 17, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2011-4858
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Jenkins
High
CVE-2017-1000394
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Input Validation in Spring AMQP
Critical
CVE-2016-2173
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 13, 2022
Improper Input Validation in libpam4j
Moderate
CVE-2017-12197
was published
for
org.kohsuke:libpam4j
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API