GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,476
Erlang: 33
GitHub Actions: 24
Go: 2,203
Maven: 5,000+
npm: 3,852
NuGet: 696
pip: 3,637
Pub: 12
RubyGems: 911
Rust: 913
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
2,560 advisories

Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate: CVE-2017-1000500 was published for org.keycloak:keycloak-core (Maven) on Oct 18, 2018 (withdrawn)

Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate: CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven) on Oct 16, 2018

Moderate severity vulnerability that affects org.b3log:symphony
Moderate: CVE-2019-9142 was published for org.b3log:symphony (Maven) on Mar 6, 2019

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Moderate: CVE-2016-5395 was published for org.apache.ranger:ranger (Maven) on Oct 17, 2018

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate: CVE-2016-1000341 was published for org.bouncycastle:bcprov-jdk14 (Maven) on Oct 17, 2018

Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
Moderate: GHSA-r53m-pfr5-7v87 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Apr 18, 2019 (withdrawn)

Directory traversal in Apache RocketMQ
Moderate: CVE-2019-17572 was published for org.apache.rocketmq:rocketmq-broker (Maven) on Jul 1, 2020

Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate: CVE-2016-6815 was published for org.apache.ranger:ranger (Maven) on Oct 17, 2018

Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate: CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) on Dec 20, 2018

Privilege escalation in mysql-connector-java
Moderate: CVE-2019-2692 was published for mysql:mysql-connector-java (Maven) on Jul 1, 2020

Cross-site Scripting in jspwiki-war
Moderate: CVE-2018-20242 was published for org.apache.jspwiki:jspwiki-war (Maven) on Feb 12, 2019

Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
Moderate: CVE-2018-20594 was published for org.hswebframework.web:hsweb-commons (Maven) on Jan 4, 2019

Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Moderate: CVE-2016-8751 was published for org.apache.ranger:ranger (Maven) on Oct 17, 2018

Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Moderate: CVE-2018-11087 was published for com.rabbitmq:amqp-client (Maven) on Oct 18, 2018

Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Moderate: CVE-2018-1000643 was published for org.owasp.antisamy:antisamy (Maven) on Oct 18, 2018 (withdrawn)

Improper Control of Interaction Frequency in Apache syncope-core
Moderate: CVE-2018-17184 was published for org.apache.syncope:syncope-core (Maven) on Nov 6, 2018

Undertow-core vulnerable to HTTP Request Smuggling
Moderate: CVE-2017-2666 was published for io.undertow:undertow-core (Maven) on Oct 19, 2018

CSRF in Play Framework
Moderate: CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) on Aug 18, 2020

Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate: CVE-2018-8024 was published for org.apache.spark:spark-core_2.10 (Maven) on Mar 14, 2019

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate: GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) on Dec 6, 2019

JavaScript execution via malicious molfiles (XSS)
Moderate: GHSA-2pwh-52h7-7j84 was published for de.ipb-halle:molecularfaces (Maven) on Apr 16, 2021

Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate: GHSA-c6c4-7x48-4cqp was published for com.vaadin:vaadin-bom (Maven) on Apr 19, 2021

Man-in-the-middle attack in Apache Axis
Moderate: CVE-2012-5784 was published for axis:axis (Maven) on Oct 7, 2020

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13
Moderate: GHSA-jqj4-r483-4gvr was published for com.vaadin:vaadin-bom (Maven) on Apr 19, 2021

Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate: GHSA-82mf-mmh7-hxp5 was published for com.vaadin:vaadin-bom (Maven) on Apr 19, 2021

ProTip! Advisories are also available from the GraphQL API.