GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
699 advisories
Filter by severity
Improper Input Validation in Spring AMQP
Critical
CVE-2016-2173
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 13, 2022
Policies not properly enforced in OWASP Java HTML Sanitizer
Critical
CVE-2021-42575
was published
for
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
(Maven)
Oct 19, 2021
Weak Password Requirements in UnboundID LDAP SDK
Critical
CVE-2018-1000134
was published
for
com.unboundid:unboundid-ldapsdk
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP
Critical
CVE-2017-12620
was published
for
org.apache.opennlp:opennlp-tools
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Critical
CVE-2016-3086
was published
for
org.apache.hadoop:hadoop-yarn-server-nodemanager
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2015-3208
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Improper Restriction of Recursive Entity References in Apache XMLBeans
Critical
CVE-2021-23926
was published
for
org.apache.xmlbeans:xmlbeans
(Maven)
Jun 16, 2021
Deserialization of Untrusted Data in JYaml
Critical
CVE-2020-8441
was published
for
org.jyaml:jyaml
(Maven)
May 24, 2022
Deserialization of Untrusted Data in Liferay Portal
Critical
CVE-2020-7961
was published
for
com.liferay.portal:com.liferay.portal-kernel
(Maven)
May 24, 2022
Neo4j Graph Database vulnerable to Path Traversal
Critical
CVE-2021-42767
was published
for
org.neo4j.procedure:apoc
(Maven)
Feb 1, 2022
Deserialization of Untrusted Data in Spring AMQP
Critical
CVE-2017-8045
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 17, 2022
dom4j allows External Entities by default which might enable XXE attacks
Critical
CVE-2020-10683
was published
for
dom4j:dom4j
(Maven)
Jun 5, 2020
Unescaped control characters in Gitblit
Critical
CVE-2022-31267
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
Critical
CVE-2012-4449
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Mulesoft APIkit
Critical
CVE-2020-10991
was published
for
rg.mule.modules:mule-apikit-module
(Maven)
May 24, 2022
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Critical
CVE-2022-36098
was published
for
org.xwiki.platform:xwiki-platform-mentions-ui
(Maven)
Sep 16, 2022
Quarkus does not terminate HTTP requests header context
Critical
CVE-2022-2466
was published
for
io.quarkus:quarkus-core-parent
(Maven)
Sep 1, 2022
Improper Restriction of XML External Entity Reference in Liquibase
Critical
CVE-2022-0839
was published
for
org.liquibase:liquibase-core
(Maven)
Mar 5, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Critical
CVE-2017-1000362
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Expression Language Injection in Apache Struts
Critical
CVE-2021-31805
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 13, 2022
Code injection in MCMS
Critical
CVE-2022-30506
was published
for
net.mingsoft:ms-mcms
(Maven)
Jun 3, 2022
Improper Restriction of XML External Entity Reference in Stanford CoreNLP
Critical
CVE-2021-3878
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
May 24, 2022
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Critical
CVE-2022-41853
was published
for
org.hsqldb:hsqldb
(Maven)
Oct 6, 2022
XML External Entity Reference in drools
Critical
CVE-2021-41411
was published
for
org.drools:drools-core
(Maven)
Jun 17, 2022
Apache Camel Netty enables Java deserialization by default
Critical
CVE-2020-11973
was published
for
org.apache.camel:camel-netty
(Maven)
May 21, 2020
ProTip!
Advisories are also available from the
GraphQL API