Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,765 advisories

Loading
Undertow Missing Authorization when requesting a protected directory without trailing slash High
CVE-2019-10184 was published for io.undertow:undertow-servlet (Maven) Aug 1, 2019
Deserialization of untrusted data in FasterXML jackson-databind High
CVE-2019-14439 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
timtebeek
XML External Entity (XXE) Injection in Apache Solr High
CVE-2019-0193 was published for org.apache.solr:solr-core (Maven) Aug 1, 2019
Improper Restriction of XML External Entity Reference in DiffPlug Spotless High
CVE-2019-9843 was published for com.diffplug.spotless:spotless-maven-plugin (Maven) Jul 5, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Improper Locking in Apache Tomcat High
CVE-2019-10072 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 26, 2019
sunSUNQ
XML Entity Expansion in Pippo High
CVE-2019-5442 was published for ro.pippo:pippo-jaxb (Maven) Jun 13, 2019
Privilege escalation vulnerability in Apache Hadoop High
CVE-2018-8029 was published for org.apache.hadoop:hadoop-main (Maven) May 31, 2019
XML External Entity injection in Apache Camel High
CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019
Path Traversal in DKPro Core High
CVE-2019-11082 was published for de.tudarmstadt.ukp.dkpro.core:de.tudarmstadt.ukp.dkpro.core.api.datasets-asl (Maven) May 29, 2019
Information exposure in FasterXML jackson-databind High
CVE-2019-12086 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 23, 2019
sunSUNQ
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
Improper Input Validation in Apache Sanselan High
CVE-2018-17201 was published for org.apache.sanselan:sanselan (Maven) May 14, 2019
Infinite Loop in Apache Sanselan High
CVE-2018-17202 was published for org.apache.sanselan:sanselan (Maven) May 14, 2019
Path Traversal in Apache Camel High
CVE-2019-0194 was published for org.apache.camel:camel-core (Maven) May 2, 2019
Session Fixation in Apache Zeppelin High
CVE-2017-12619 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Improper Authentication in Apache Zeppelin High
CVE-2018-1317 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Billion laughs attack in c3p0 High
CVE-2019-5427 was published for com.mchange:c3p0 (Maven) Apr 23, 2019
Apache Tomcat OS Command Injection vulnerability High
CVE-2019-0232 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 18, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit High
CVE-2019-10240 was published for org.eclipse.hawkbit:hawkbit-autoconfigure (Maven) Apr 15, 2019
Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war High
CVE-2019-0225 was published for org.apache.jspwiki:jspwiki-war (Maven) Apr 8, 2019
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core High
CVE-2019-1010260 was published for com.github.shyiko.ktlint:ktlint-core (Maven) Apr 8, 2019
Improper Authorization in org.apache.hbase:hbase High
CVE-2019-0212 was published for org.apache.hbase:hbase (Maven) Apr 2, 2019
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client High
CVE-2019-0222 was published for org.apache.activemq:activemq-client (Maven) Apr 2, 2019
sunSUNQ
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server High
CVE-2018-12545 was published for org.eclipse.jetty:jetty-server (Maven) Mar 28, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database