Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

747 advisories

Loading
Authentication bypass in Apache Shiro Critical
CVE-2020-17510 was published for org.apache.shiro:shiro-spring (Maven) Apr 22, 2021
XSS Cross Site Scripting Critical
CVE-2021-29459 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 22, 2021
Missing validation of JWT signature in `ManyDesigns/Portofino` Critical
CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven) Apr 19, 2021
intrigus-lgtm
Template injection in cron-utils Critical
CVE-2020-26238 was published for com.cronutils:cron-utils (Maven) Nov 24, 2020
pwntester
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
Authorization Bypass in Spring Security Critical
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
MarkLee131
Code execution in Spring Integration Critical
CVE-2020-5413 was published for org.springframework.integration:spring-integration-core (Maven) Aug 5, 2020
Operation on a Resource after Expiration or Release in Jetty Server Critical
CVE-2019-17638 was published for org.eclipse.jetty:jetty-server (Maven) Aug 5, 2020
SQL Injection in Kylin Critical
CVE-2020-13926 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
Command Injection in Kylin Critical
CVE-2020-13925 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
XXE attack in Mapfish Print Critical
CVE-2020-15232 was published for org.mapfish.print:print-lib (Maven) Jul 7, 2020
XML external entity injection in Terracotta Quartz Scheduler Critical
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) Jul 1, 2020
Improper Privilege Management in Tomcat Critical
CVE-2020-1938 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 15, 2020
Improper Input Validation in jackson-databind Critical
CVE-2019-17267 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
Insecure Deserialization in Apache XML-RPC Critical
CVE-2019-17570 was published for org.apache.xmlrpc:xmlrpc (Maven) Jun 10, 2020
dom4j allows External Entities by default which might enable XXE attacks Critical
CVE-2020-10683 was published for dom4j:dom4j (Maven) Jun 5, 2020
File system access via H2 in Apache Ignite Critical
CVE-2020-1963 was published for org.apache.ignite:ignite-core (Maven) Jun 5, 2020
Apache Camel Netty enables Java deserialization by default Critical
CVE-2020-11973 was published for org.apache.camel:camel-netty (Maven) May 21, 2020
Remote code execution in Apache Commons Configuration Critical
CVE-2020-1953 was published for org.apache.commons:commons-configuration2 (Maven) May 21, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9547 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9548 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9546 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
Predictable password in Keycloak Critical
CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting) Critical
CVE-2020-7622 was published for io.jooby:jooby-netty (Maven) Apr 3, 2020
JLLeitschuh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database