GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
171 advisories
Filter by severity
ZipSlip in org.apache.storm:storm-core
Moderate
CVE-2018-8008
was published
for
org.apache.storm:storm-core
(Maven)
Oct 16, 2018
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate
CVE-2014-3577
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Comparison errorr in org.apache.tika:tika-core
Moderate
CVE-2018-8017
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate
CVE-2018-12544
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
XML external entity expansion in org.apache.solr:solr-core
Moderate
CVE-2018-8026
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
Moderate
CVE-2018-8010
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
Denial of Service in org.springframework:spring-core
Moderate
CVE-2018-1257
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Path Traversal in org.springframework:spring-core
Moderate
CVE-2018-1271
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Moderate
CVE-2017-12631
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
Path traversal in org.springframework.integration:spring-integration-zip
Moderate
CVE-2018-1261
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
Oct 18, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
Moderate
CVE-2018-1322
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Improper Restriction of Rendered UI Layers or Frames in Apache nifif
Moderate
CVE-2018-17192
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Cross site scripting in org.apache.nifi:nifi
Moderate
CVE-2018-17193
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Django vulnerable to XSS on 500 pages
Moderate
CVE-2017-12794
was published
for
Django
(pip)
Jan 4, 2019
Apache Commons Compress vulnerable to denial of service due to infinite loop
Moderate
CVE-2018-1324
was published
for
com.liferay:com.liferay.portal.tools.bundle.support
(Maven)
Mar 14, 2019
Django Cross-site scripting (XSS) vulnerability
Moderate
CVE-2008-2302
was published
for
django
(pip)
May 1, 2022
Apache Tomcat Directory Traversal vulnerability
Moderate
CVE-2008-2938
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2009-0038
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 2, 2022
Apache Geronimo Application Server CSRF vulnerabilities
Moderate
CVE-2009-0039
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API