GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
Man-in-the-middle attack in Apache Axis
Moderate
CVE-2012-5784
was published
for
axis:axis
(Maven)
Oct 7, 2020
Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate
GHSA-82mf-mmh7-hxp5
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Improper Input Validation in Mortbay Jetty
Moderate
CVE-2006-2759
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Improper Input Validation in Apache Axis2
Moderate
CVE-2012-5785
was published
for
org.apache.axis2:axis2
(Maven)
May 17, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2011-4858
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0033
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in libpam4j
Moderate
CVE-2017-12197
was published
for
org.kohsuke:libpam4j
(Maven)
May 13, 2022
XML External Entity Reference in RESTEasy
Moderate
CVE-2014-7839
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 17, 2022
Improper Input Validation in Apache Karaf
Moderate
CVE-2014-0219
was published
for
org.apache.karaf:apache-karaf
(Maven)
May 14, 2022
Improper Input Validation in Apache Batik
Moderate
CVE-2015-0250
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 17, 2022
Improper Input Validation in Bouncy Castle
Moderate
CVE-2013-1624
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 14, 2022
Improper Input Validation and Injection in Apache Log4j2
Moderate
CVE-2021-44832
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Jan 4, 2022
Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint
Moderate
CVE-2022-24280
was published
for
org.apache.pulsar:pulsar
(Maven)
Sep 25, 2022
JBoss RichFaces Improper Input Validation vulnerability
Moderate
CVE-2014-0086
was published
for
org.richfaces:richfaces
(Maven)
May 17, 2022
Code injection in Kubernetes Java Client
Moderate
CVE-2021-25738
was published
for
io.kubernetes:client-java
(Maven)
Oct 12, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate
CVE-2021-31412
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
Improper Input Validation in OpenSymphony XWork
Moderate
CVE-2008-6504
was published
for
com.opensymphony:xwork
(Maven)
May 17, 2022
Improper Input Validation in Apache Archiva
Moderate
CVE-2019-0214
was published
for
org.apache.archiva:archiva
(Maven)
May 14, 2019
Improper input validation in Apache Santuario XML Security for Java
Moderate
CVE-2019-12400
was published
for
org.apache.santuario:xmlsec
(Maven)
Aug 27, 2019
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
Moderate
CVE-2018-1000873
was published
for
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
(Maven)
Dec 21, 2018
Improper Input Validation in Hibernate Validator
Moderate
CVE-2020-10693
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Jun 4, 2021
Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate
CVE-2020-36321
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API