GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Cross-site Scripting in OpenCRX
Moderate
CVE-2023-40813
was published
for
org.opencrx:opencrx-core-models
(Maven)
Nov 18, 2023
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Moderate
CVE-2011-1498
was published
for
org.apache.httpcomponents:httpclient
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in JavaMelody
Moderate
CVE-2013-4378
was published
for
net.bull.javamelody:javamelody-core
(Maven)
May 17, 2022
XML Injection in Apache Solr
Moderate
CVE-2013-6408
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Apache Solr UpdateRequestHandler for XML resolves XML External Entities
Moderate
CVE-2013-6407
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Moderate
CVE-2013-6397
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Cross-site Scripting in Apache ActiveMQ
Moderate
CVE-2012-6092
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Input Validation in Apache POI
Moderate
CVE-2014-3574
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Input Validation in Apache Jackrabbit
Moderate
CVE-2015-1833
was published
for
org.apache.jackrabbit:jackrabbit-core
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Moderate
CVE-2010-4172
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
Moderate
CVE-2018-19413
was published
for
org.sonarsource.sonarqube:sonar-plugin-api
(Maven)
May 14, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Moderate
CVE-2013-5960
was published
for
org.owasp.esapi:esapi
(Maven)
May 14, 2022
Improper Authentication in Hibernate Validator
Moderate
CVE-2014-3558
was published
for
org.hibernate:hibernate-validator
(Maven)
May 14, 2022
Directory Traversal in Apache Tomcat
Moderate
CVE-2008-5515
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0227
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache XML Security For Java vulnerable to Infinite Loop
Moderate
CVE-2013-5823
was published
for
org.apache.santuario:xmlsec
(Maven)
May 14, 2022
Netty denial of service vulnerability
Moderate
CVE-2014-0193
was published
for
io.netty:netty
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7398
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7397
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache Commons Compress
Moderate
CVE-2012-2098
was published
for
org.apache.commons:commons-compress
(Maven)
May 13, 2022
spring-integration-zip Arbitrary File Write
Moderate
CVE-2018-1263
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
May 13, 2022
Inefficient Algorithmic Complexity in Apache Santuario XML Security
Moderate
CVE-2013-2172
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
Improper Input Validation in Apache Santuario XML Security
Moderate
CVE-2013-4517
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
Improper Input Validation in Apache Santuario XML Security
Moderate
CVE-2014-8152
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API