GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,978 advisories

High severity vulnerability that affects org.apache.hbase:hbase High
CVE-2015-1836 was published for org.apache.hbase:hbase (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.storm:storm-core Moderate
CVE-2018-1332 was published for org.apache.storm:storm-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Moderate
CVE-2017-7678 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
The Bouncy Castle JCE Provider carries a propagation bug High
CVE-2016-1000340 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values High
CVE-2016-1000343 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal High
CVE-2018-17297 was published for cn.hutool:hutool-all (Maven) Oct 17, 2018
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server High
CVE-2017-12615 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2017-1000500 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018 withdrawn
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin Moderate
CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.b3log:symphony Moderate
CVE-2019-9142 was published for org.b3log:symphony (Maven) Mar 6, 2019
Critical severity vulnerability that affects org.apache.solr:solr-core Critical
CVE-2019-0192 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2016-1000341 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML Moderate
CVE-2016-5395 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Directory traversal in Apache RocketMQ Moderate
CVE-2019-17572 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 1, 2020
Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core Moderate
GHSA-r53m-pfr5-7v87 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 18, 2019 withdrawn
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2016-6815 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
The REST Plugin in Apache Struts is using an outdated XStream library High
CVE-2017-9793 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core Moderate
CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) Dec 20, 2018
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor Critical
CVE-2018-16115 was published for com.typesafe.akka:akka-actor_2.11 (Maven) Oct 22, 2018
Denial of service in XStream High
CVE-2017-7957 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Denial of service due to reference expansion in versions earlier than 4.0 High
GHSA-mm44-wc5p-wqhq was published for com.upokecenter:cbor (Maven) Jul 7, 2020
Privilege escalation in mysql-connector-java Moderate
CVE-2019-2692 was published for mysql:mysql-connector-java (Maven) Jul 1, 2020
ProTip! Advisories are also available from the GraphQL API