GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
114 advisories
Filter by severity
The REST Plugin in Apache Struts is using an outdated XStream library
High
CVE-2017-9793
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
High
CVE-2017-9804
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-8030
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 16, 2018
Improper certificate validation in org.apache.httpcomponents:httpclient
High
CVE-2012-6153
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Files or Directories Accessible to External Parties in org.springframework:spring-core
High
CVE-2015-5211
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
High
CVE-2018-8038
was published
for
org.apache.cxf.fediz:fediz-jetty8
(Maven)
Oct 18, 2018
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks
High
CVE-2015-5175
was published
for
org.apache.cxf.fediz:fediz-core
(Maven)
Oct 18, 2018
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
High
CVE-2018-11776
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Improper Input Validation in async-http-client
High
CVE-2017-14063
was published
for
org.asynchttpclient:async-http-client
(Maven)
Oct 19, 2018
High severity vulnerability that affects org.apache.syncope:syncope-core
High
CVE-2018-1321
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Apache NiFi Improper Input Validation vulnerability
High
CVE-2018-17194
was published
for
org.apache.nifi:nifi-framework-cluster
(Maven)
Dec 20, 2018
High severity vulnerability that affects commons-fileupload:commons-fileupload
High
CVE-2016-3092
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Commons FileUpload Denial of service vulnerability
High
CVE-2014-0050
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Improper Input Validation in Apache Thrift
High
CVE-2018-1320
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
Improper Input Validation in Apache Qpid Broker-J
High
CVE-2019-0200
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Mar 7, 2019
Improper Input Validation in Apache Sanselan
High
CVE-2018-17201
was published
for
org.apache.sanselan:sanselan
(Maven)
May 14, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak
High
CVE-2019-10199
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Improper Input Validation in Apache Solr
High
CVE-2019-17558
was published
for
org.apache.solr:solr-core
(Maven)
Feb 12, 2020
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
High
CVE-2020-10204
was published
for
org.sonatype.nexus:nexus-core
(Maven)
Apr 14, 2020
Arbitrary code execution in Apache Commons BeanUtils
High
CVE-2014-0114
was published
for
commons-beanutils:commons-beanutils
(Maven)
Jun 10, 2020
Information Exposure in Netty
High
CVE-2015-2156
was published
for
io.netty:netty
(Maven)
Jun 30, 2020
Denial of service in XStream
High
CVE-2017-7957
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Potential access control security issue in apollo-adminservice
High
CVE-2020-15170
was published
for
com.ctrip.framework.apollo:apollo-core
(Maven)
Oct 2, 2020
Vulnerability in RPKI manifest validation
High
GHSA-q76j-58cx-wp5v
was published
for
net.ripe.rpki:rpki-validator-3
(Maven)
Nov 13, 2020
ProTip!
Advisories are also available from the
GraphQL API