GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,781 advisories

XML External Entity (XXE) Injection in Jackson Databind High
CVE-2020-25649 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Feb 18, 2021
yair-apiiro sunSUNQ
Remote Code Execution in SCIMono High
CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) Feb 10, 2021
Code injection in Apache Ant High
CVE-2020-11979 was published for org.apache.ant:ant (Maven) Feb 3, 2021
cpropps-sysdig
Unbounded connection acceptance in http4s-blaze-server High
CVE-2021-21294 was published for org.http4s:http4s-blaze-server_2.12 (Maven) Feb 2, 2021
Unbounded connection acceptance leads to file handle exhaustion High
CVE-2021-21293 was published for org.http4s:blaze-core_2.11 (Maven) Feb 2, 2021
Reflected Cross-site Scripting in ACS Commons High
CVE-2021-21028 was published for com.adobe.acs:acs-aem-commons (Maven) Feb 2, 2021
Path Traversal in the Java Kubernetes Client High
CVE-2020-8570 was published for io.kubernetes:client-java (Maven) Jan 29, 2021
Deserialization of untrusted data in jackson-databind High
CVE-2021-20190 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 20, 2021
sharonbz sunSUNQ
Denial of Service in Apache POI High
CVE-2017-12626 was published for org.apache.poi:poi (Maven) Jan 14, 2021
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
Directory Traversal in spring-boot-actuator-logview High
CVE-2021-21234 was published for eu.hinsch:spring-boot-actuator-logview (Maven) Jan 5, 2021
st0rmi
Server-Side Template Injection High
CVE-2020-26282 was published for com.browserup:browserup-proxy (Maven) Dec 24, 2020
pwntester dpowell
Disabled Hostname Verification in Opencast High
CVE-2020-26234 was published for org.opencastproject:opencast-kernel (Maven) Dec 8, 2020
intrigus-lgtm
XStream can be used for Remote Code Execution High
CVE-2020-26217 was published for com.thoughtworks.xstream:xstream (Maven) Nov 16, 2020
Vulnerability in RPKI manifest validation High
GHSA-q76j-58cx-wp5v was published for net.ripe.rpki:rpki-validator-3 (Maven) Nov 13, 2020
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
JLLeitschuh timtebeek
RCE in XWiki High
CVE-2020-15252 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 16, 2020
Potential access control security issue in apollo-adminservice High
CVE-2020-15170 was published for com.ctrip.framework.apollo:apollo-core (Maven) Oct 2, 2020
Security Constraint Bypass in Spring Security High
CVE-2016-9879 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
SunBK201
XXE in Apache Standard Taglibs High
CVE-2015-0254 was published for org.apache.taglibs:taglibs-standard (Maven) Sep 14, 2020
Server side template injection in Apache Camel High
CVE-2020-11994 was published for org.apache.camel:camel-robotframework (Maven) Jul 29, 2020
Command Injection in Kylin High
CVE-2020-1956 was published for org.apache.kylin:kylin-core-common (Maven) Jul 27, 2020
Denial of service due to reference expansion in versions earlier than 4.0 High
GHSA-mm44-wc5p-wqhq was published for com.upokecenter:cbor (Maven) Jul 7, 2020
Denial of service in XStream High
CVE-2017-7957 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020