GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
93 advisories
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate: CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven), Oct 16, 2018

Apache Struts Improper Input Validation vulnerability
Moderate: CVE-2017-7672 was published for org.apache.struts:struts2-core (Maven), Oct 16, 2018

Improper Input Validation in org.apache.qpid:qpid-broker
Moderate: CVE-2016-3094 was published for org.apache.qpid:qpid-broker (Maven), Oct 16, 2018

Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core
Moderate: CVE-2018-1199 was published for org.springframework.security:spring-security-core (Maven), Oct 17, 2018

OrientDB Studio web management interface is vulnerable to clickjacking attacks
Moderate: CVE-2015-2918 was published for com.orientechnologies:orientdb-studio (Maven), Oct 18, 2018

Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate: CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven), Oct 19, 2018

Improper Input Validation in org.wildfly:wildfly-undertow
Moderate: CVE-2018-1047 was published for org.wildfly:wildfly-undertow (Maven), Oct 19, 2018

Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate: CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven), Dec 20, 2018

Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
Moderate: CVE-2018-1000873 was published for com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (Maven), Dec 21, 2018

Improper Input Validation in Apache Archiva
Moderate: CVE-2019-0214 was published for org.apache.archiva:archiva (Maven), May 14, 2019

Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate: CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven), Aug 1, 2019

Improper input validation in Apache Santuario XML Security for Java
Moderate: CVE-2019-12400 was published for org.apache.santuario:xmlsec (Maven), Aug 27, 2019

Man-in-the-middle attack in Apache Axis
Moderate: CVE-2012-5784 was published for axis:axis (Maven), Oct 7, 2020

Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate: GHSA-82mf-mmh7-hxp5 was published for com.vaadin:vaadin-bom (Maven), Apr 19, 2021

Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate: CVE-2020-36321 was published for com.vaadin:flow-server (Maven), Apr 19, 2021

Path Traversal and Improper Input Validation in Apache Commons IO
Moderate: CVE-2021-29425 was published for com.cosium.vet:vet (Maven), Apr 26, 2021

Improper Input Validation in Hibernate Validator
Moderate: CVE-2020-10693 was published for org.hibernate.validator:hibernate-validator (Maven), Jun 4, 2021

Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate: CVE-2021-31412 was published for com.vaadin:vaadin-bom (Maven), Jun 28, 2021

Improper Input Validation in Jakarta Expression Language
Moderate: CVE-2021-28170 was published for com.sun.el:el-ri (Maven), Oct 6, 2021

Code injection in Kubernetes Java Client
Moderate: CVE-2021-25738 was published for io.kubernetes:client-java (Maven), Oct 12, 2021

Denial of service in DataCommunicator class in Vaadin 8
Moderate: CVE-2021-33609 was published for com.vaadin:vaadin-server (Maven), Oct 13, 2021

Improper Input Validation and Injection in Apache Log4j2
Moderate: CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven), Jan 4, 2022

Improper Input Validation in Apache Pulsar
Moderate: CVE-2021-41571 was published for org.apache.pulsar:pulsar (Maven), Feb 2, 2022

Improper Input Validation in Apache Solr
Moderate: CVE-2020-13941 was published for org.apache.solr:solr-parent (Maven), Feb 10, 2022

Improper Input Validation in Xerces
Moderate: CVE-2020-14338 was published for xerces:xercesImpl (Maven), Feb 15, 2022

ProTip! Advisories are also available from the GraphQL API.