Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Improper Input Validation in Apache POI Moderate
CVE-2014-3574 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
Improper Authentication in Hibernate Validator Moderate
CVE-2014-3558 was published for org.hibernate:hibernate-validator (Maven) May 14, 2022
MarkLee131
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
Improper Input Validation in Apache Tomcat Moderate
CVE-2014-0227 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
MarkLee131
Netty denial of service vulnerability Moderate
CVE-2014-0193 was published for io.netty:netty (Maven) May 13, 2022
MarkLee131
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2014-8152 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Improper Input Validation in Apache Jackrabbit Moderate
CVE-2015-1833 was published for org.apache.jackrabbit:jackrabbit-core (Maven) May 14, 2022
MarkLee131
Path traversal in org.springframework.integration:spring-integration-zip Moderate
CVE-2018-1261 was published for org.springframework.integration:spring-integration-zip (Maven) Oct 18, 2018
MarkLee131
spring-integration-zip Arbitrary File Write Moderate
CVE-2018-1263 was published for org.springframework.integration:spring-integration-zip (Maven) May 13, 2022
MarkLee131
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate
CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
MarkLee131
ZipSlip in org.apache.storm:storm-core Moderate
CVE-2018-8008 was published for org.apache.storm:storm-core (Maven) Oct 16, 2018
MarkLee131
Denial of Service in org.springframework:spring-core Moderate
CVE-2018-1257 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Apache Struts's ParameterInterceptor component does not prevent access to public constructors Moderate
CVE-2012-0393 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
Path Traversal in org.springframework:spring-core Moderate
CVE-2018-1271 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode Moderate
CVE-2012-0394 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
Improper Neutralization of Input During Web Page Generation in Apache Tomcat Moderate
CVE-2010-4172 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Moderate
CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) May 17, 2022
MarkLee131
Cross-site Scripting in Apache ActiveMQ Moderate
CVE-2012-6092 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
MarkLee131
Inefficient Algorithmic Complexity in Apache Santuario XML Security Moderate
CVE-2013-2172 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Improper Neutralization of Input During Web Page Generation in JavaMelody Moderate
CVE-2013-4378 was published for net.bull.javamelody:javamelody-core (Maven) May 17, 2022
MarkLee131
Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2013-4517 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Apache XML Security For Java vulnerable to Infinite Loop Moderate
CVE-2013-5823 was published for org.apache.santuario:xmlsec (Maven) May 14, 2022
MarkLee131
Missing Cryptographic Step in OWASP Enterprise Security API for Java Moderate
CVE-2013-5960 was published for org.owasp.esapi:esapi (Maven) May 14, 2022
MarkLee131
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr Moderate
CVE-2013-6397 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API