GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+

2,363 advisories

Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate | CVE-2018-8024 was published for org.apache.spark:spark-core_2.10 (Maven) | Mar 14, 2019

Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate | CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) | Mar 14, 2019

Apache Commons Compress vulnerable to denial of service due to infinite loop
Moderate | CVE-2018-1324 was published for com.liferay:com.liferay.portal.tools.bundle.support (Maven) | Mar 14, 2019

Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
Moderate | CVE-2019-0191 was published for org.apache.karaf:apache-karaf (Maven) | Mar 25, 2019

Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
Moderate | CVE-2019-0224 was published for org.apache.jspwiki:jspwiki-main (Maven) | Apr 2, 2019

Spring Security uses insufficiently random values
Moderate | CVE-2019-3795 was published for org.springframework.security:spring-security-core (Maven) | Apr 16, 2019

Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
Moderate | GHSA-r53m-pfr5-7v87 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Apr 18, 2019 | withdrawn

Missing Encryption of Sensitive Data in arrow-kt Arrow
Moderate | CVE-2019-11404 was published for io.arrow-kt:arrow-ank-gradle (Maven) | Apr 22, 2019

Duplicate Advisory: Prototype Pollution in jquery
Moderate | CVE-2019-5428 was published for jquery (RubyGems) | Apr 23, 2019 | withdrawn

Cross-site Scripting in Eclipse Jetty
Moderate | CVE-2019-10241 was published for org.eclipse.jetty:jetty-server (Maven) | Apr 23, 2019

Installation information leak in Eclipse Jetty
Moderate | CVE-2019-10247 was published for org.eclipse.jetty:jetty-server (Maven) | Apr 23, 2019

Information Exposure vulnerability in Eclipse Jetty
Moderate | CVE-2019-10246 was published for org.eclipse.jetty:jetty-server (Maven) | Apr 23, 2019

Cross-site Scripting in Apache Zeppelin
Moderate | CVE-2018-1328 was published for org.apache.zeppelin:zeppelin (Maven) | Apr 24, 2019

XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate | CVE-2019-11358 was published for django (RubyGems) | Apr 26, 2019

Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Moderate | CVE-2019-3868 was published for org.keycloak:keycloak-core (Maven) | Apr 30, 2019

Improper Input Validation in Apache Archiva
Moderate | CVE-2019-0214 was published for org.apache.archiva:archiva (Maven) | May 14, 2019

Cross-site scripting in Apache Archiva
Moderate | CVE-2019-0213 was published for org.apache.archiva:archiva (Maven) | May 14, 2019

Cross-site Scripting in Apache UIMA
Moderate | CVE-2018-8035 was published for org.apache.uima:uima-ducc-web (Maven) | May 14, 2019

Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
Moderate | CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) | May 14, 2019

Path Traversal in Spring Cloud Config
Moderate | CVE-2019-3799 was published for org.springframework.cloud:spring-cloud-config-server (Maven) | May 23, 2019

Access control bypass in Apache ZooKeeper
Moderate | CVE-2019-0201 was published for org.apache.zookeeper:zookeeper (Maven) | May 29, 2019

Cross-site scripting in Apache Tomcat
Moderate | CVE-2019-0221 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | May 30, 2019

Improper Neutralization of Wildcards or Matching Symbols
Moderate | CVE-2019-3802 was published for org.springframework.data:spring-data-jpa (Maven) | Jun 4, 2019

Cross-Site Scripting in JSPWiki
Moderate | CVE-2019-10076 was published for org.apache.jspwiki:jspwiki-main (Maven) | Jun 6, 2019

Cross-site Scripting in JSPWiki
Moderate | CVE-2019-10077 was published for org.apache.jspwiki:jspwiki-main (Maven) | Jun 6, 2019

ProTip! Advisories are also available from the GraphQL API.