GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,978 advisories
Filter by severity
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
XSS in search engine
Moderate
CVE-2019-13234
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
XSS issues in the management interface
Moderate
CVE-2019-13236
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Stored XSS in Apache Atlas
Moderate
CVE-2019-10070
was published
for
org.apache.atlas:apache-atlas
(Maven)
Jan 8, 2020
Authentication Bypass For Endpoints With Anonymous Access in Opencast
Critical
CVE-2020-5206
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Unsafe Identifiers in Opencast
Moderate
CVE-2020-5230
was published
for
org.opencastproject:base
(Maven)
Jan 30, 2020
Unauthenticated Access Via OAI-PMH
High
CVE-2020-5228
was published
for
org.opencastproject:opencast-oaipmh-api
(Maven)
Jan 30, 2020
Denial of service via deserialization attack in nifi
Moderate
CVE-2017-15703
was published
for
org.apache.nifi:nifi-framework-cluster-protocol
(Maven)
Oct 25, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage
High
CVE-2018-11768
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Nov 20, 2019
XSS in login form
Moderate
CVE-2019-13235
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Unencrypted passwords
Low
GHSA-q594-2475-8v9f
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
Feb 24, 2021
•
withdrawn
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
Elliptic Curve Key Disclosure
High
GHSA-h6wq-jw7q-grxv
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Feb 24, 2021
•
withdrawn
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
XML external entity (XXE) vulnerability
High
GHSA-c8m9-mh38-97p9
was published
for
org.jpmml:pmml-model
(Maven)
Feb 24, 2021
•
withdrawn
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Critical
CVE-2016-3720
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
High
CVE-2022-2668
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Critical
CVE-2016-4800
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
Keycloak vulnerable to uncontrolled resource consumption
High
CVE-2014-3651
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Keycloak vulnerable to infinite loop based Denial of Service
High
CVE-2017-2646
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Moderate
CVE-2022-2256
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
ProTip!
Advisories are also available from the
GraphQL API