Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

349 advisories

Loading
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet Moderate
CVE-2013-1880 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
sunSUNQ
Improper Authentication in Apache ActiveMQ Moderate
CVE-2013-3060 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
sunSUNQ
Apache Struts XSS Vulnerability Moderate
CVE-2016-2162 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Improper Control of Generation of Code ('Code Injection') in Spring Framework Moderate
CVE-2010-1622 was published for org.springframework:spring (Maven) May 17, 2022
sunSUNQ
Code injection in Apache Struts High
CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Django settings leak in date template filter Moderate
CVE-2015-8213 was published for django (pip) May 17, 2022
sunSUNQ
Improper Input Validation in Apache ActiveMQ Moderate
CVE-2015-6524 was published for org.apache.activemq:activemq-broker (Maven) May 17, 2022
sunSUNQ
Django DoS in django.views.static.serve Moderate
CVE-2015-0221 was published for django (pip) May 17, 2022
sunSUNQ
Open redirect in Apache Struts Moderate
CVE-2013-2248 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Django Vulnerable to Cache Poisoning Moderate
CVE-2014-1418 was published for django (pip) May 17, 2022
sunSUNQ
Apache Tomcat Allows Replacing of XML Parser Moderate
CVE-2011-2481 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
sunSUNQ
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework High
CVE-2011-2730 was published for org.springframework:spring-core (Maven) May 17, 2022
sunSUNQ
Apache Struts improper action name cleanup Critical
CVE-2016-4436 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Apache Struts Open Redirect High
CVE-2016-4433 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Apache Struts vulnerable to possible DoS attack when using URLValidator Moderate
CVE-2016-4465 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Denial of service in Apache Struts Moderate
CVE-2012-4387 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ Moderate
CVE-2013-1879 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
sunSUNQ
Jenkins directory traversal vulnerability Moderate
CVE-2014-2059 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins cross-site scripting (XSS) vulnerability Moderate
CVE-2014-2067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Incomplete exclude pattern in Apache Struts High
CVE-2015-1831 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Django Vulnerable to HTTP Response Splitting Attack Moderate
CVE-2015-5144 was published for django (pip) May 17, 2022
sunSUNQ
Apache Struts CSRF Vulnerability High
CVE-2016-4430 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Denial of service in Apache Tomcat Moderate
CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 17, 2022
q5438722 sunSUNQ
Race Condition in Jenkins High
CVE-2017-1000503 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Deserialization of Untrusted Data in Jenkins Moderate
CVE-2017-1000355 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API