GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem)
All reviewed: 5,000+
Composer: 4,360
Erlang: 33
GitHub Actions: 22
Go: 2,127
Maven: 5,000+
npm: 3,793
NuGet: 683
pip: 3,471
Pub: 12
RubyGems: 894
Rust: 894
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+

Listing: 5,308 advisories
Advisory | Severity | Title | Published for (ecosystem) | Published
CVE-2017-7678 | Moderate | Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 | org.apache.spark:spark-core_2.10 (Maven) | Nov 9, 2018
CVE-2016-1000343 | High | In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values | org.bouncycastle:bcprov-jdk14 (Maven) | Oct 17, 2018
CVE-2016-1000340 | High | The Bouncy Castle JCE Provider carry a propagation bug | org.bouncycastle:bcprov-jdk14 (Maven) | Oct 17, 2018
CVE-2018-17297 | High | Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal | cn.hutool:hutool-all (Maven) | Oct 17, 2018
CVE-2017-1000500 (withdrawn) | Moderate | Moderate severity vulnerability that affects org.keycloak:keycloak-core | org.keycloak:keycloak-core (Maven) | Oct 18, 2018
CVE-2017-15707 | Moderate | Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin | org.apache.struts:struts2-rest-plugin (Maven) | Oct 16, 2018
CVE-2017-9799 | High | Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user | org.apache.storm:storm-core (Maven) | Oct 17, 2018
CVE-2019-9142 | Moderate | Moderate severity vulnerability that affects org.b3log:symphony | org.b3log:symphony (Maven) | Mar 6, 2019
CVE-2016-5395 | Moderate | Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML | org.apache.ranger:ranger (Maven) | Oct 17, 2018
CVE-2016-1000341 | Moderate | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | org.bouncycastle:bcprov-jdk14 (Maven) | Oct 17, 2018
CVE-2019-0192 | Critical | Critical severity vulnerability that affects org.apache.solr:solr-core | org.apache.solr:solr-core (Maven) | Mar 14, 2019
GHSA-r53m-pfr5-7v87 (withdrawn) | Moderate | Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core | org.apache.tomcat.embed:tomcat-embed-core (Maven) | Apr 18, 2019
CVE-2016-6815 | Moderate | Moderate severity vulnerability that affects org.apache.ranger:ranger | org.apache.ranger:ranger (Maven) | Oct 17, 2018
CVE-2019-17572 | Moderate | Directory traversal in Apache RocketMQ | org.apache.rocketmq:rocketmq-broker (Maven) | Jul 1, 2020
CVE-2016-1000352 | High | In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode | org.bouncycastle:bcprov-jdk14 (Maven) | Oct 17, 2018
CVE-2017-9793 | High | The REST Plugin in Apache Struts is using an outdated XStream library | org.apache.struts:struts2-rest-plugin (Maven) | Oct 16, 2018
CVE-2018-11799 | Moderate | Moderate severity vulnerability that affects org.apache.oozie:oozie-core | org.apache.oozie:oozie-core (Maven) | Dec 20, 2018
CVE-2018-18531 | Critical | Use of Insufficiently Random Values in penggle:kaptcha | com.github.penggle:kaptcha (Maven) | Oct 23, 2018
GHSA-mm44-wc5p-wqhq | High | Denial of service due to reference expansion in versions earlier than 4.0 | com.upokecenter:cbor (Maven) | Jul 7, 2020
CVE-2018-1000850 | High | Directory Traversal vulnerability in Square Retrofit | com.squareup.retrofit2:retrofit (Maven) | Dec 21, 2018
CVE-2018-11786 | High | Improper Privilege Management in Apache Karaf | org.apache.karaf:apache-karaf (Maven) | Dec 21, 2018
CVE-2017-7957 | High | Denial of service in XStream | com.thoughtworks.xstream:xstream (Maven) | Jun 30, 2020
CVE-2018-1000822 | Critical | XML External Entity (XXE) vulnerability in codelibs fess | org.codelibs.fess:fess (Maven) | Dec 20, 2018
CVE-2018-16115 | Critical | Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor | com.typesafe.akka:akka-actor_2.11 (Maven) | Oct 22, 2018
CVE-2017-1000498 | High | Android SVG vulnerable to XML External Entity (XXE) | com.caverock:androidsvg (Maven) | Oct 19, 2018
Advisories are also available from the GraphQL API.