
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

XXL-JOB vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-43183 was published for com.xuxueli:xxl-job-core (Maven) Nov 17, 2022
Credited to MarkLee131 and achibear
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data High
CVE-2023-25194 was published for org.apache.kafka:connect (Maven) Feb 7, 2023
Credited to MarkLee131
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
Credited to MarkLee131
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
Credited to MarkLee131
Apache Geode vulnerable to Incorrect Authorization High
CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) May 13, 2022
Credited to MarkLee131
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML High
CVE-2013-4221 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
Credited to MarkLee131
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
Credited to MarkLee131 and sunSUNQ
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
Credited to MarkLee131 and sunSUNQ
Apache Geronimo Application Server multiple directory traversal vulnerabilities High
CVE-2008-5518 was published for org.apache.geronimo.plugins:console (Maven) May 14, 2022
Credited to MarkLee131
Commons FileUpload Denial of service vulnerability High
CVE-2014-0050 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
Credited to MarkLee131
Improper certificate validation in org.apache.httpcomponents:httpclient High
CVE-2012-6153 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
Credited to MarkLee131
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
Credited to westonsteimel and MarkLee131
Improper Control of Generation of Code in Apache Struts High
CVE-2013-1965 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Credited to sunSUNQ and MarkLee131
Arbitrary file write in Apache Commons Fileupload High
CVE-2013-2186 was published for commons-fileupload:commons-fileupload (Maven) May 14, 2022
Credited to MarkLee131
Missing XML Validation in Apache Xerces2 High
CVE-2013-4002 was published for xerces:xercesImpl (Maven) May 13, 2022
Credited to MarkLee131
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-8030 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 16, 2018
Credited to MarkLee131
Race condition in org.apache.hbase:hbase-thrift High
CVE-2018-8025 was published for org.apache.hbase:hbase-thrift (Maven) Oct 18, 2018
Credited to MarkLee131
Path Traversal in Hadoop High
CVE-2018-8009 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Credited to MarkLee131
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
Credited to MarkLee131
Apache NiFi Improper Input Validation vulnerability High
CVE-2018-17194 was published for org.apache.nifi:nifi-framework-cluster (Maven) Dec 20, 2018
Credited to MarkLee131
Improper Certificate Validation in proton-j High
CVE-2018-17187 was published for org.apache.qpid:proton-j (Maven) Nov 21, 2018
Credited to MarkLee131
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core High
CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
Credited to MarkLee131
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 High
CVE-2018-15758 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 19, 2018
Credited to MarkLee131
Issuer validation regression in Spring Cloud SSO Connector High
CVE-2018-1256 was published for io.pivotal.spring.cloud:spring-cloud-sso-connector (Maven) May 13, 2022
Credited to q5438722 and MarkLee131
High severity vulnerability that affects org.apache.syncope:syncope-core High
CVE-2018-1321 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
Credited to MarkLee131
ProTip! Advisories are also available from the GraphQL API