Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,765 advisories

Loading
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-5245 was published for io.dropwizard:dropwizard-validation (Maven) Feb 24, 2020
pwntester SunBK201
HTTP Request Smuggling in Netty High
CVE-2020-7238 was published for io.netty:netty-handler (Maven) Feb 21, 2020
Improper Input Validation in Apache Solr High
CVE-2019-17558 was published for org.apache.solr:solr-core (Maven) Feb 12, 2020
Improper Restriction of XML External Entity Reference in jackson-mapper-asl High
CVE-2019-10172 was published for org.codehaus.jackson:jackson-mapper-asl (Maven) Feb 4, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Improper input validation in Apache Shiro High
CVE-2019-12422 was published for org.apache.shiro:shiro-core (Maven) Feb 4, 2020
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High
CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Apache NiFi user log out issue High
CVE-2019-12421 was published for org.apache.nifi:nifi-web-api (Maven) Dec 2, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage High
CVE-2018-11768 was published for org.apache.hadoop:hadoop-main (Maven) Nov 20, 2019
Path traversal attack on Windows platforms High
CVE-2019-0207 was published for org.apache.tapestry:tapestry-core (Maven) Nov 18, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty High
CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) Oct 23, 2019
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection') High
CVE-2019-17513 was published for io.ratpack:ratpack-core (Maven) Oct 21, 2019
Out-of-Memory Error in Bouncy Castle Crypto High
CVE-2019-17359 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2019
HTTP Request Smuggling in Netty High
CVE-2019-16869 was published for io.netty:netty-all (Maven) Oct 11, 2019
G-Rath westonsteimel
SunBK201
Denial of Service in Apache Commons Compress High
CVE-2019-12402 was published for io.github.1tchy.java9modular.org.apache.commons:commons-compress (Maven) Oct 11, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak High
CVE-2019-10199 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
OS Command Injection in Nexus Yum Repository Plugin High
CVE-2019-5475 was published for org.sonatype.nexus.plugins:nexus-yum-repository-plugin (Maven) Sep 11, 2019
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika High
CVE-2019-10088 was published for org.apache.tika:tika-core (Maven) Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika High
CVE-2019-10094 was published for org.apache.tika:tika-core (Maven) Aug 6, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database