Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,363 advisories

Loading
Pivotal Spring Framework DoS Attack with XML Input Moderate
CVE-2015-3192 was published for org.springframework:spring-web (Maven) Oct 17, 2018
sunSUNQ
keycloak-core vulnerable to timing attacks against JWS token verification Moderate
CVE-2017-2585 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2017-1000500 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018 withdrawn
keycloak-core discloses system properties Moderate
CVE-2017-2582 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2018-10912 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2017-12161 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2 Moderate
CVE-2017-7661 was published for org.apache.cxf.fediz:fediz-jetty8 (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate
CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
MarkLee131
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy Moderate
CVE-2016-10006 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018
OWASP AntiSamy Cross-site Scripting vulnerability Moderate
CVE-2017-14735 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy Moderate
CVE-2018-1000643 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018 withdrawn
OrientDB Server Community Edition uses insufficiently random values to generate session IDs Moderate
CVE-2015-2913 was published for com.orientechnologies:orientdb-server (Maven) Oct 18, 2018
OrientDB Studio web management interface is vulnerable to clickjacking attacks Moderate
CVE-2015-2918 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2016-1000345 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 18, 2018
Path traversal in org.springframework.integration:spring-integration-zip Moderate
CVE-2018-1261 was published for org.springframework.integration:spring-integration-zip (Maven) Oct 18, 2018
MarkLee131
Moderate severity vulnerability that affects org.springframework.boot:spring-boot Moderate
CVE-2018-1196 was published for org.springframework.boot:spring-boot (Maven) Oct 18, 2018
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp Moderate
CVE-2018-11087 was published for com.rabbitmq:amqp-client (Maven) Oct 18, 2018
Eclipse Jetty Server generates error message containing sensitive information Moderate
CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
joshbressers
Moderate severity vulnerability that affects org.apache.commons:commons-compress Moderate
CVE-2018-11771 was published for org.apache.commons:commons-compress (Maven) Oct 19, 2018
SunBK201
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j Moderate
CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 19, 2018
Moderate severity vulnerability that affects org.grails.plugins:fields and org.grails:grails-core Moderate
CVE-2018-1000529 was published for org.grails.plugins:fields (Maven) Oct 19, 2018
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate Moderate
CVE-2018-10936 was published for org.postgresql:pgjdbc-aggregate (Maven) Oct 19, 2018
Moderate severity vulnerability that affects io.undertow:undertow-core Moderate
CVE-2017-2670 was published for io.undertow:undertow-core (Maven) Oct 19, 2018
Undertow-core vulnerable to HTTP Request Smuggling Moderate
CVE-2017-2666 was published for io.undertow:undertow-core (Maven) Oct 19, 2018
ProTip! Advisories are also available from the GraphQL API