GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,707 advisories
Filter by severity
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
High
CVE-2016-1000344
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 18, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High
CVE-2018-11778
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
High
CVE-2018-16131
was published
for
com.typesafe.akka:akka-http-core_2.11
(Maven)
Oct 22, 2018
High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
High
CVE-2017-12612
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
High
CVE-2018-11796
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI
High
CVE-2016-9177
was published
for
com.sparkjava:spark-core
(Maven)
Oct 4, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
High
CVE-2016-4216
was published
for
com.adobe.xmp:xmpcore
(Maven)
Oct 19, 2018
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
High
CVE-2019-1010260
was published
for
com.github.shyiko.ktlint:ktlint-core
(Maven)
Apr 8, 2019
XML External Entity Injection in XStream
High
CVE-2016-3674
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
High severity vulnerability that affects org.apache.hbase:hbase
High
CVE-2015-1836
was published
for
org.apache.hbase:hbase
(Maven)
Oct 18, 2018
The Bouncy Castle JCE Provider carry a propagation bug
High
CVE-2016-1000340
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
High
CVE-2016-1000343
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
High
CVE-2018-17297
was published
for
cn.hutool:hutool-all
(Maven)
Oct 17, 2018
Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user
High
CVE-2017-9799
was published
for
org.apache.storm:storm-core
(Maven)
Oct 17, 2018
The REST Plugin in Apache Struts is using an outdated XStream library
High
CVE-2017-9793
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High
CVE-2016-1000352
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Improper Privilege Management in Apache Karaf
High
CVE-2018-11786
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2018
Denial of service due to reference expansion in versions earlier than 4.0
High
GHSA-mm44-wc5p-wqhq
was published
for
com.upokecenter:cbor
(Maven)
Jul 7, 2020
Denial of service in XStream
High
CVE-2017-7957
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Directory Traversal vulnerability in Square Retrofit
High
CVE-2018-1000850
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
Android SVG vulnerable to XML External Entity (XXE)
High
CVE-2017-1000498
was published
for
com.caverock:androidsvg
(Maven)
Oct 19, 2018
Access and integrity issue within Eclipse Jetty
High
CVE-2018-12538
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 16, 2018
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High
CVE-2016-1000342
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API