GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
114 advisories
Improper input validation in Apache Olingo
High | CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) | Feb 4, 2020

The REST Plugin in Apache Struts is using an outdated XStream library
High | CVE-2017-9793 was published for org.apache.struts:struts2-rest-plugin (Maven) | Oct 16, 2018

Denial of service in XStream
High | CVE-2017-7957 was published for com.thoughtworks.xstream:xstream (Maven) | Jun 30, 2020

Improper Input Validation in async-http-client
High | CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) | Oct 19, 2018

Vulnerability in RPKI manifest validation
High | GHSA-q76j-58cx-wp5v was published for net.ripe.rpki:rpki-validator-3 (Maven) | Nov 13, 2020

Improper input validation in Mort Bay Jetty
High | CVE-2009-4611 was published for org.mortbay.jetty:jetty (Maven) | May 2, 2022

Improper Input Validation in BeanShell
High | CVE-2016-2510 was published for org.apache-extras.beanshell:bsh (Maven) | May 13, 2022

Improper Input Validation in Jenkins
High | CVE-2017-1000391 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022

Improper Input Validation in Apache Hadoop
High | CVE-2017-3162 was published for org.apache.hadoop:hadoop-client (Maven) | May 13, 2022

Improper Input Validation in Apache Struts
High | CVE-2016-1181 was published for org.apache.struts:struts-core (Maven) | May 13, 2022

Improper Input Validation in Jenkins
High | CVE-2017-1000394 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022

Improper Input Validation Apache Commons Email
High | CVE-2018-1294 was published for org.apache.commons:commons-email (Maven) | May 14, 2022

Improper Input Validation in Apache Struts
High | CVE-2015-0899 was published for org.apache.struts:struts-core (Maven) | May 14, 2022

Improper Input Validation in Apache Axis2
High | CVE-2010-1632 was published for org.apache.axis2.wso2:axis2 (Maven) | May 17, 2022

Improper Input Validation in Apache Struts
High | CVE-2016-1182 was published for org.apache.struts:struts-core (Maven) | May 13, 2022

Improper Input Validation in Apache Kafka
High | CVE-2018-17196 was published for org.apache.kafka:kafka (Maven) | May 24, 2022

Improper Input Validation in Apache Commons Email
High | CVE-2017-9801 was published for org.apache.commons:commons-email (Maven) | May 17, 2022

Improper Input Validation in Drools and jBPM
High | CVE-2014-8125 was published for org.drools:drools-core (Maven) | May 17, 2022

Improper Input Validation in Apache Qpid AMQP 0-x JMS
High | CVE-2016-4974 was published for org.apache.qpid:qpid-jms-client (Maven) | May 14, 2022

Improper Input Validation in Undertow
High | CVE-2020-1757 was published for io.undertow:undertow-core (Maven) | May 24, 2022

Improper Input Validation in RESTEasy
High | CVE-2020-1695 was published for org.jboss.resteasy:resteasy-client (Maven) | May 24, 2022

Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty
High | CVE-2020-5403 was published for io.projectreactor.netty:reactor-netty-http (Maven) | Feb 10, 2022

Code injection in keycloak
High | CVE-2021-20222 was published for org.keycloak:keycloak-parent (Maven) | May 13, 2021

Infinite loop in Tomcat due to parsing error
High | CVE-2021-41079 was published for org.apache.tomcat:tomcat (Maven) | Sep 20, 2021

ballcat-codegen template engine remote code execution injection
High | CVE-2022-24881 was published for com.hccake:ballcat-codegen (Maven) | Apr 27, 2022
ProTip! Advisories are also available from the GraphQL API