Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

720 advisories

Loading
Server-Side Request Forgery in Hawt Hawtio Critical
CVE-2019-9827 was published for io.hawt:hawtio-core (Maven) Jul 5, 2019
Credential exposure through log files in Undertow Critical
CVE-2019-3888 was published for io.undertow:undertow-core (Maven) Jun 13, 2019
Command Injection in Xstream Critical
CVE-2013-7285 was published for com.thoughtworks.xstream:xstream (Maven) May 29, 2019
mmabdpr MarkLee131
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo Critical
CVE-2019-10686 was published for com.ctrip.framework.apollo:apollo (Maven) Apr 18, 2019
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction Critical
CVE-2019-10648 was published for net.sf.robocode:robocode.host (Maven) Apr 2, 2019
Critical severity vulnerability that affects org.apache.solr:solr-core Critical
CVE-2019-0192 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
Unauthenticated Remote Code Execution in Apache JMeter Critical
CVE-2019-0187 was published for org.apache.jmeter:ApacheJMeter (Maven) Mar 7, 2019
Incomplete List of Disallowed Inputs in SOFA-Hessian Critical
CVE-2019-9212 was published for com.alipay.sofa:hessian (Maven) Mar 6, 2019
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml Critical
CVE-2019-3773 was published for org.springframework.ws:spring-ws (Maven) Jan 25, 2019
XML External Entity Reference in Apache Karaf Critical
CVE-2018-11788 was published for org.apache.karaf.specs:org.apache.karaf.specs.java.xml (Maven) Jan 7, 2019
XML External Entity Reference in mchange:c3p0 Critical
CVE-2018-20433 was published for com.mchange:c3p0 (Maven) Jan 7, 2019
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14719 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind Critical
CVE-2018-14720 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Server-Side Request Forgery (SSRF) in jackson-databind Critical
CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data Critical
CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-19361 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization Critical
CVE-2018-19360 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14718 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Improper Access Control in commons-fileupload Critical
CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
Exposure of Sensitive Information in Hadoop Critical
CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
XML External Entity (XXE) vulnerability in Square Retrofit Critical
CVE-2018-1000844 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Remote Code Execution in esigate-core Critical
CVE-2018-1000854 was published for org.esigate:esigate-core (Maven) Dec 21, 2018
XML External Entity (XXE) vulnerability in bw-calendar-engine Critical
CVE-2018-1000836 was published for org.bedework.caleng:bw-calendar-engine (Maven) Dec 20, 2018
exist-db:exist-core XML External Entity (XXE) vulnerability Critical
CVE-2018-1000823 was published for org.exist-db:exist-core (Maven) Dec 20, 2018
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database