GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,416 advisories
Stored XSS in Apache Atlas
Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020

The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Moderate
CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) Jan 8, 2020

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019

Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019

Apache NiFi process group information disclosure
Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019

Apache NiFi information disclosure by XXE
Moderate
CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019

Unescaped exception messages in error responses in Jetty
Moderate
CVE-2019-17632 was published for org.eclipse.jetty:jetty-server (Maven) Dec 2, 2019

XSS issues in the management interface
Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019

XSS in login form
Moderate
CVE-2019-13235 was published for org.opencms:opencms-core (Maven) Nov 12, 2019

Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019

XSS in search engine
Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019

Potential DOS attack due to unrestricted attachment count in messages
Moderate
CVE-2019-12406 was published for org.apache.cxf:apache-cxf (Maven) Nov 8, 2019

Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
Moderate
CVE-2019-10755 was published for org.pac4j:pac4j-saml (Maven) Nov 6, 2019

Denial of service via deserialization attack in nifi
Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019

Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-12404 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019

Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10089 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019

Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10087 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019

Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10090 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019

Cross-site scripting in Sakai
Moderate
CVE-2019-16148 was published for org.sakaiproject:chat-base (Maven) Sep 23, 2019

Improper Verification of Cryptographic Signature in keycloak
Moderate
CVE-2019-10201 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019

Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777 was published for org.eclipse.paho:org.eclipse.paho.client.mqttv3 (Maven) Sep 17, 2019

Incorrect Resource Transfer Between Spheres in eclipse-wtp
Moderate
CVE-2019-10753 was published for com.diffplug.spotless:spotless-eclipse-cdt (Maven) Sep 11, 2019

Improper input validation in Apache Santuario XML Security for Java
Moderate
CVE-2019-12400 was published for org.apache.santuario:xmlsec (Maven) Aug 27, 2019

Cross-site Scripting in Jooby
Moderate
CVE-2019-15477 was published for org.jooby:jooby (Maven) Aug 27, 2019

Cross-site Scripting in Ignite Realtime Openfire
Moderate
CVE-2019-15488 was published for org.igniterealtime.openfire:xmppserver (Maven) Aug 27, 2019
ProTip! Advisories are also available from the GraphQL API