GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,450 advisories
Filter by severity
Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10087
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Oct 11, 2019
Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10090
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Oct 11, 2019
Cross-site scripting in Sakai
Moderate
CVE-2019-16148
was published
for
org.sakaiproject:chat-base
(Maven)
Sep 23, 2019
Improper Verification of Cryptographic Signature in keycloak
Moderate
CVE-2019-10201
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
Incorrect Resource Transfer Between Spheres in eclipse-wtp
Moderate
CVE-2019-10753
was published
for
com.diffplug.spotless:spotless-eclipse-cdt
(Maven)
Sep 11, 2019
Improper input validation in Apache Santuario XML Security for Java
Moderate
CVE-2019-12400
was published
for
org.apache.santuario:xmlsec
(Maven)
Aug 27, 2019
Cross-site Scripting in Jooby
Moderate
CVE-2019-15477
was published
for
org.jooby:jooby
(Maven)
Aug 27, 2019
Cross-site Scripting in Ignite Realtime Openfire
Moderate
CVE-2019-15488
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Aug 27, 2019
Cross-site scripting in Apache Ranger
Moderate
CVE-2019-12397
was published
for
org.apache.ranger:ranger
(Maven)
Aug 16, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika
Moderate
CVE-2019-10093
was published
for
org.apache.tika:tika-parsers
(Maven)
Aug 6, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
Deserialization of untrusted data in FasterXML jackson-databind
Moderate
CVE-2019-12814
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 17, 2019
Deserialization of Untrusted Data in FasterXML jackson-databind
Moderate
CVE-2019-12384
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 5, 2019
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate
CVE-2019-3875
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 27, 2019
Argument Injection in Apache Geode server
Moderate
CVE-2017-15694
was published
for
org.apache.geode:geode-core
(Maven)
Jun 26, 2019
Open Redirect in Spring Security OAuth
Moderate
CVE-2019-11269
was published
for
org.springframework.security.oauth:spring-security-oauth
(Maven)
Jun 13, 2019
Cross-site Scripting in HAPI FHIR
Moderate
CVE-2019-12741
was published
for
ca.uhn.hapi.fhir:hapi-fhir-base
(Maven)
Jun 7, 2019
Cross-site Scriptin in JSPWiki
Moderate
CVE-2019-10078
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Cross-site Scripting in JSPWiki
Moderate
CVE-2019-10077
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Improper Neutralization of Wildcards or Matching Symbols
Moderate
CVE-2019-3802
was published
for
org.springframework.data:spring-data-jpa
(Maven)
Jun 4, 2019
Cross-site scripting in Apache Tomcat
Moderate
CVE-2019-0221
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 30, 2019
Access control bypass in Apache ZooKeeper
Moderate
CVE-2019-0201
was published
for
org.apache.zookeeper:zookeeper
(Maven)
May 29, 2019
Path Traversal in Spring Cloud Config
Moderate
CVE-2019-3799
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
May 23, 2019
ProTip!
Advisories are also available from the
GraphQL API