GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,959 advisories

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2021-25122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2021
Uncontrolled Resource Consumption in Apache OpenMeetings server High
CVE-2021-27576 was published for org.apache.openmeetings:openmeetings-parent (Maven) Jun 16, 2021
Code injection in Apache Druid High
CVE-2021-25646 was published for org.apache.druid:druid (Maven) Jun 16, 2021
Improper Authentication in Apache ActiveMQ and Apache Artemis High
CVE-2021-26117 was published for org.apache.activemq:activemq-parent (Maven) Jun 16, 2021
Credited to sunSUNQ
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials High
CVE-2021-21652 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
Credited to NotMyFault
Improper Authentication in Atlassian Connect Spring Boot High
CVE-2021-26077 was published for com.atlassian.connect:atlassian-connect-spring-boot (Maven) Jun 16, 2021
Shell command injection in Apache Syncope High
CVE-2020-11977 was published for org.apache.syncope:syncope (Maven) Jun 16, 2021
Injection in Apache Syncope High
CVE-2020-1961 was published for org.apache.syncope:syncope-core (Maven) Jun 16, 2021
Command injection in Apache Unomi High
CVE-2021-31164 was published for org.apache.unomi:unomi (Maven) Jun 16, 2021
Cross-Site Scripting High
CVE-2021-20293 was published for org.jboss.resteasy:resteasy-bom (Maven) Jun 15, 2021
SnakeYAML Entity Expansion during load operation High
CVE-2017-18640 was published for org.yaml:snakeyaml (Maven) Jun 4, 2021
Credited to oliverchang
Cross-Site Request Forgery in OpenNMS Horizon High
CVE-2021-25931 was published for org.opennms:opennms (Maven) May 25, 2021
Deserialization of Untrusted Data in Apache Camel RabbitMQ High
CVE-2020-11972 was published for org.apache.camel:camel-rabbitmq (Maven) May 21, 2021
Improper Input Validation in Apache Camel High
CVE-2020-11971 was published for org.apache.camel:camel (Maven) May 21, 2021
Credited to raboof
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Credited to decsecre583
XWiki users registered with email verification can self re-activate their disabled accounts High
CVE-2021-32620 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
Credited to anonymous-nlp-student
Script injection without script or programming rights through Gadget titles High
CVE-2021-32621 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
Uncaught Exception leading to Denial of Service in json-sanitizer High
CVE-2021-23900 was published for com.mikesamuel:json-sanitizer (Maven) May 13, 2021
Authorization service vulnerable to DDoS attacks in Apache CXF High
CVE-2021-22696 was published for org.apache.cxf:apache-cxf (Maven) May 13, 2021
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server High
CVE-2021-26715 was published for org.mitre:openid-connect-server (Maven) May 13, 2021
Code injection in keycloak High
CVE-2021-20222 was published for org.keycloak:keycloak-parent (Maven) May 13, 2021
Privilege escalation in spring security High
CVE-2021-22112 was published for org.springframework.security:spring-security-bom (Maven) May 10, 2021
Improper permission handling in Apache Solr High
CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) May 10, 2021
ProTip! Advisories are also available from the GraphQL API