GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,363 advisories
Filter by severity
Improper Input Validation in org.wildfly:wildfly-undertow
Moderate
CVE-2018-1047
was published
for
org.wildfly:wildfly-undertow
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects com.sparkjava:spark-core
Moderate
CVE-2018-9159
was published
for
com.sparkjava:spark-core
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate
CVE-2018-12537
was published
for
io.vertx:vertx-core
(Maven)
Oct 19, 2018
Apache ActiveMQ web console vulnerable to Cross-site Scripting
Moderate
CVE-2018-8006
was published
for
org.apache.activemq:activemq-web-console
(Maven)
Oct 30, 2018
Improper Control of Interaction Frequency in Apache syncope-core
Moderate
CVE-2018-17184
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
Moderate
CVE-2018-1322
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability
Moderate
CVE-2018-11770
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
Moderate
CVE-2017-7678
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
Improper Restriction of Rendered UI Layers or Frames in Apache nifif
Moderate
CVE-2018-17192
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Cross site scripting in org.apache.nifi:nifi
Moderate
CVE-2018-17193
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
Moderate
CVE-2018-1000873
was published
for
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-3166
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-15713
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
Moderate
CVE-2018-17197
was published
for
org.apache.tika:tika-parsers
(Maven)
Dec 26, 2018
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
Moderate
CVE-2018-20594
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Jinjava calls getClass
Moderate
CVE-2018-18893
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Jan 4, 2019
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf
Moderate
CVE-2016-8750
was published
for
org.apache.karaf:apache-karaf
(Maven)
Jan 7, 2019
Apache Thrift Node.js static web server sandbox escape
Moderate
CVE-2018-11798
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
Cross-site Scripting in jspwiki-war
Moderate
CVE-2018-20242
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Feb 12, 2019
Moderate severity vulnerability that affects org.b3log:symphony
Moderate
CVE-2019-9142
was published
for
org.b3log:symphony
(Maven)
Mar 6, 2019
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Moderate
CVE-2019-9658
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Mar 14, 2019
spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability
Moderate
CVE-2019-3778
was published
for
org.springframework.security.oauth:spring-security-oauth
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
ProTip!
Advisories are also available from the
GraphQL API