GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,969 advisories
Cross-Site Request Forgery in XXL-Job (High): CVE-2022-29002 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
Improper Input Validation in Apache Kafka (High): CVE-2018-17196 was published for org.apache.kafka:kafka (Maven) May 24, 2022
Deserialization of Untrusted Data in Spring-flex (High): CVE-2017-3203 was published for org.springframework.flex:spring-flex (Maven) May 13, 2022
Deserialization of Untrusted Data in Infinispan (High): CVE-2018-1131 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
Uncaught Exception in jsoup (High): CVE-2021-37714 was published for org.jsoup:jsoup (Maven) Aug 23, 2021
Logic error in Legion of the Bouncy Castle BC Java (High): CVE-2020-28052 was published for org.bouncycastle:bcprov-ext-jdk15on (Maven) Apr 30, 2021
Improper Access Control in Apache Hadoop (High): CVE-2016-5393 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Improper Input Validation in Apache Axis2 (High): CVE-2010-1632 was published for org.apache.axis2.wso2:axis2 (Maven) May 17, 2022
XStream is vulnerable to an Arbitrary Code Execution attack (High): CVE-2021-39153 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack (High): CVE-2021-39141 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Improper Privilege Management in Elasticsearch (High): CVE-2020-7009 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Improper Handling of Length Parameter Inconsistency in Compress (High): CVE-2021-36090 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
XStream is vulnerable to an Arbitrary Code Execution attack (High): CVE-2021-39154 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
XStream is vulnerable to an Arbitrary Code Execution attack (High): CVE-2021-39149 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Buffer Overflow in Apache Mina SSHD (High): CVE-2021-30129 was published for org.apache.sshd:sshd-core (Maven) Aug 2, 2021
Apache Geode versions deserialization of untrusted data when using JMX over RMI on Java 11 (High): CVE-2022-37022 was published for org.apache.geode:geode-core (Maven) Sep 1, 2022
Excessive Iteration in Compress (High): CVE-2021-35515 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
Cross-Site Request Forgery in Jolokia (High): CVE-2018-10899 was published for org.jolokia:jolokia-core (Maven) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt (High): CVE-2014-9970 was published for org.jasypt:jasypt (Maven) May 14, 2022
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references (High): CVE-2018-1259 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
Incorrect Resource Transfer Between Spheres in Grails (High): CVE-2019-12728 was published for org.grails:grails-core (Maven) May 24, 2022
Direct Web Remoting vulnerable to Denial of Service (High): CVE-2007-0185 was published for org.directwebremoting:dwr (Maven) May 1, 2022
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser (High): CVE-2022-29546 was published for net.sourceforge.htmlunit:neko-htmlunit (Maven) Apr 26, 2022
Client BlockTokens not checked in Apache Hadoop (High): CVE-2012-3376 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
Improper Input Validation Apache Commons Email (High): CVE-2018-1294 was published for org.apache.commons:commons-email (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API.