GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,665 advisories
Filter by severity
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
High
GHSA-jfmf-w293-8xr8
was published
for
com.vaadin:vaadin-bom
(Maven)
Oct 13, 2021
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
High
GHSA-3w6p-8f82-gw8r
was published
for
ru.yandex.clickhouse:clickhouse-jdbc-bridge
(Maven)
Dec 17, 2021
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
High
CVE-2022-41828
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Oct 12, 2022
Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares
High
GHSA-883x-6fch-6wjx
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 21, 2022
Denial of service in CBOR library
High
GHSA-fj2w-wfgv-mwq6
was published
for
com.upokecenter:cbor
(Maven)
Jan 21, 2022
Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war
High
CVE-2019-0225
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Apr 8, 2019
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
High
CVE-2017-3164
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Improper Authentication in org.keycloak:keycloak-core
High
CVE-2016-8609
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core
High
CVE-2017-3163
was published
for
org.apache.solr:solr-core
(Maven)
Oct 18, 2018
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
High
CVE-2018-12545
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Mar 28, 2019
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
High
CVE-2016-3083
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Improper Authorization in org.apache.hbase:hbase
High
CVE-2019-0212
was published
for
org.apache.hbase:hbase
(Maven)
Apr 2, 2019
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-1772
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
High
CVE-2019-17513
was published
for
io.ratpack:ratpack-core
(Maven)
Oct 21, 2019
Improper Privilege Management in org.apache.hadoop:hadoop-main
High
CVE-2018-11767
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Mar 25, 2019
Class Loading Vulnerability in Artemis
High
GHSA-227w-wv4j-67h4
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Feb 9, 2022
Apiman has potential permissions bypass
High
CVE-2022-47551
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Jan 3, 2023
Lithium vulnerable to Cross Site Scripting in provided Swagger-UI
High
GHSA-f36p-42jv-8rh2
was published
for
com.wire.bots:lithium
(Maven)
Sep 30, 2022
Gravitee API Management contains Path Traversal
High
CVE-2022-38723
was published
for
io.gravitee.apim:gravitee-api-management
(Maven)
Jan 4, 2023
A potential Denial of Service issue in protobuf-java
High
CVE-2021-22569
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Jan 7, 2022
org.neo4j.procedure:apoc Path Traversal Vulnerability
High
CVE-2022-23532
was published
for
org.neo4j.procedure:apoc
(Maven)
Jan 13, 2023
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
High
CVE-2022-3143
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Jan 13, 2023
Session fixation vulnerability in Jenkins OpenID Plugin
High
CVE-2023-24444
was published
for
org.jenkins-ci.plugins:openid
(Maven)
Jan 26, 2023
Incorrect Authorization in WildFly Elytron
High
CVE-2020-1748
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API