Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

5,178 advisories

Loading
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Cross-site Scripting in jspwiki-war Moderate
CVE-2018-20242 was published for org.apache.jspwiki:jspwiki-war (Maven) Feb 12, 2019
Low severity vulnerability that affects org.springframework.batch:spring-batch-core Low
CVE-2019-3774 was published for org.springframework.batch:spring-batch-core (Maven) Jan 25, 2019
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml Critical
CVE-2019-3773 was published for org.springframework.ws:spring-ws (Maven) Jan 25, 2019
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml Low
CVE-2019-3772 was published for org.springframework.integration:spring-integration-ws (Maven) Jan 25, 2019
MarkLee131
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
Improper Input Validation in Apache Thrift High
CVE-2018-1320 was published for org.apache.thrift:libthrift (Maven) Jan 17, 2019
szymon-miezal MarkLee131
Apache Thrift Node.js static web server sandbox escape Moderate
CVE-2018-11798 was published for org.apache.thrift:libthrift (Maven) Jan 17, 2019
Improper Authentication in Apache Karaf High
CVE-2018-11787 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
XML External Entity Reference in Apache Karaf Critical
CVE-2018-11788 was published for org.apache.karaf.specs:org.apache.karaf.specs.java.xml (Maven) Jan 7, 2019
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf Moderate
CVE-2016-8750 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
XML External Entity Reference in mchange:c3p0 Critical
CVE-2018-20433 was published for com.mchange:c3p0 (Maven) Jan 7, 2019
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14719 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind Critical
CVE-2018-14720 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Server-Side Request Forgery (SSRF) in jackson-databind Critical
CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data Critical
CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-19361 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization Critical
CVE-2018-19360 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14718 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Jinjava calls getClass Moderate
CVE-2018-18893 was published for com.hubspot.jinjava:jinjava (Maven) Jan 4, 2019
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons Moderate
CVE-2018-20594 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons High
CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database