Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,471
Erlang
33
GitHub Actions
24
Go
2,174
Maven
5,000+
npm
3,835
NuGet
696
pip
3,511
Pub
12
RubyGems
910
Rust
908
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,403 advisories

Loading
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency Moderate
GHSA-fjh6-p566-wr6q was published for io.github.skylot:jadx-core (Maven) Jul 21, 2022
Roulettiq
Java Melody vulnerable to cross-site scripting Critical
CVE-2016-1000273 was published for net.bull.javamelody:javamelody-core (Maven) Jul 20, 2022
Uncontrolled Resource Consumption in Spray JSON Moderate
CVE-2018-18855 was published for io.spray:spray-json (Maven) Jun 28, 2022
Apiman has potential permissions bypass High
CVE-2022-47551 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Jan 3, 2023
exist-db:exist-core XML External Entity (XXE) vulnerability Critical
CVE-2018-1000823 was published for org.exist-db:exist-core (Maven) Dec 20, 2018
Class Loading Vulnerability in Artemis High
GHSA-227w-wv4j-67h4 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 9, 2022
juliuskreutz
Improper Authorization in org.apache.hbase:hbase High
CVE-2019-0212 was published for org.apache.hbase:hbase (Maven) Apr 2, 2019
Improper Privilege Management in org.apache.hadoop:hadoop-main High
CVE-2018-11767 was published for org.apache.hadoop:hadoop-main (Maven) Mar 25, 2019
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection') High
CVE-2019-17513 was published for io.ratpack:ratpack-core (Maven) Oct 21, 2019
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-1772 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server High
CVE-2018-12545 was published for org.eclipse.jetty:jetty-server (Maven) Mar 28, 2019
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation High
CVE-2016-3083 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core High
CVE-2017-3163 was published for org.apache.solr:solr-core (Maven) Oct 18, 2018
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core High
CVE-2017-3164 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
Improper Authentication in org.keycloak:keycloak-core High
CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Jinjava calls getClass Moderate
CVE-2018-18893 was published for com.hubspot.jinjava:jinjava (Maven) Jan 4, 2019
Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war High
CVE-2019-0225 was published for org.apache.jspwiki:jspwiki-war (Maven) Apr 8, 2019
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
Denial of service in CBOR library High
GHSA-fj2w-wfgv-mwq6 was published for com.upokecenter:cbor (Maven) Jan 21, 2022
Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares High
GHSA-883x-6fch-6wjx was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 21, 2022
Haspamelodica
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution High
CVE-2022-41828 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Oct 12, 2022
Apiman Manager API affected by Jackson denial of service vulnerability Moderate
GHSA-q95j-488q-5q3p was published for io.apiman:apiman-manager-api-impl (Maven) Jan 9, 2023
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown Moderate
GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022
jxn0
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data High
GHSA-3w6p-8f82-gw8r was published for ru.yandex.clickhouse:clickhouse-jdbc-bridge (Maven) Dec 17, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database