Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,707 advisories

Loading
OS Command Injection in craftercms:crafter-studio High
CVE-2018-19907 was published for org.craftercms:crafter-studio (Maven) Dec 19, 2018
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields High
CVE-2018-18853 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core High
CVE-2017-1000118 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
Improper Authentication in Keycloak High
CVE-2018-14637 was published for org.keycloak:keycloak-core (Maven) Dec 21, 2018
Server Side Request Forgery in svgSalamander High
CVE-2017-5617 was published for com.kitfox.svg:svg-salamander (Maven) Oct 19, 2018
Path Traversal in minsoft:ms-mcms High
CVE-2018-18831 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons High
CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Stack Overflow in Apache Mesos High
CVE-2018-11793 was published for org.apache.mesos:mesos (Maven) Mar 6, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker High
CVE-2018-15795 was published for org.springframework.credhub:spring-credhub-core (Maven) Nov 29, 2018
Apache juddi-client vulnerable to XML External Entity (XXE) High
CVE-2018-1307 was published for org.apache.juddi:juddi-client (Maven) Oct 19, 2018
Arbitrary Command Execution in Hadoop High
CVE-2018-11766 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Deserialization of Untrusted Data in swagger-codegen High
CVE-2017-1000207 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
Disabled Hostname Verification in Opencast High
CVE-2020-26234 was published for org.opencastproject:opencast-kernel (Maven) Dec 8, 2020
intrigus-lgtm
Improper Input Validation in async-http-client High
CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) Oct 19, 2018
Improper Authentication in Apache Karaf High
CVE-2018-11787 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Vulnerability in RPKI manifest validation High
GHSA-q76j-58cx-wp5v was published for net.ripe.rpki:rpki-validator-3 (Maven) Nov 13, 2020
Improper Authentication in hive:hive-exec High
CVE-2018-11777 was published for org.apache.hive:hive-exec (Maven) Nov 21, 2018
Deserialization of Untrusted Data in swagger-parser High
CVE-2017-1000208 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
Uncontrolled Resource Consumption in spray-json High
CVE-2018-18854 was published for io.spray:spray-json_2.10 (Maven) Nov 9, 2018
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 High
GHSA-crh4-294p-vcfq was published for com.vaadin:vaadin-text-field-flow (Maven) Apr 19, 2021
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 High
GHSA-j9wr-49vq-rm5g was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
XML External Entity Reference High
GHSA-7qfm-6m33-rgg9 was published for com.epam.reportportal:service-api (Maven) Aug 13, 2021
Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8 High
GHSA-jfmf-w293-8xr8 was published for com.vaadin:vaadin-bom (Maven) Oct 13, 2021
StefanPenndorf
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit High
CVE-2019-10240 was published for org.eclipse.hawkbit:hawkbit-autoconfigure (Maven) Apr 15, 2019
ProTip! Advisories are also available from the GraphQL API