Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,471
Erlang
33
GitHub Actions
24
Go
2,180
Maven
5,000+
npm
3,836
NuGet
696
pip
3,555
Pub
12
RubyGems
910
Rust
908
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,820 advisories

Loading
Improper Input Validation and Cross-Site Request Forgery in Keycloak High
CVE-2019-10199 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
OS Command Injection in Nexus Yum Repository Plugin High
CVE-2019-5475 was published for org.sonatype.nexus.plugins:nexus-yum-repository-plugin (Maven) Sep 11, 2019
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika High
CVE-2019-10088 was published for org.apache.tika:tika-core (Maven) Aug 6, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika High
CVE-2019-10094 was published for org.apache.tika:tika-core (Maven) Aug 6, 2019
Undertow Missing Authorization when requesting a protected directory without trailing slash High
CVE-2019-10184 was published for io.undertow:undertow-servlet (Maven) Aug 1, 2019
Deserialization of untrusted data in FasterXML jackson-databind High
CVE-2019-14439 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
timtebeek
XML External Entity (XXE) Injection in Apache Solr High
CVE-2019-0193 was published for org.apache.solr:solr-core (Maven) Aug 1, 2019
Improper Restriction of XML External Entity Reference in DiffPlug Spotless High
CVE-2019-9843 was published for com.diffplug.spotless:spotless-maven-plugin (Maven) Jul 5, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Improper Locking in Apache Tomcat High
CVE-2019-10072 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 26, 2019
sunSUNQ
XML Entity Expansion in Pippo High
CVE-2019-5442 was published for ro.pippo:pippo-jaxb (Maven) Jun 13, 2019
Privilege escalation vulnerability in Apache Hadoop High
CVE-2018-8029 was published for org.apache.hadoop:hadoop-main (Maven) May 31, 2019
XML External Entity injection in Apache Camel High
CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019
Path Traversal in DKPro Core High
CVE-2019-11082 was published for de.tudarmstadt.ukp.dkpro.core:de.tudarmstadt.ukp.dkpro.core.api.datasets-asl (Maven) May 29, 2019
Information exposure in FasterXML jackson-databind High
CVE-2019-12086 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 23, 2019
sunSUNQ
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
Improper Input Validation in Apache Sanselan High
CVE-2018-17201 was published for org.apache.sanselan:sanselan (Maven) May 14, 2019
Infinite Loop in Apache Sanselan High
CVE-2018-17202 was published for org.apache.sanselan:sanselan (Maven) May 14, 2019
Path Traversal in Apache Camel High
CVE-2019-0194 was published for org.apache.camel:camel-core (Maven) May 2, 2019
Session Fixation in Apache Zeppelin High
CVE-2017-12619 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Improper Authentication in Apache Zeppelin High
CVE-2018-1317 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Billion laughs attack in c3p0 High
CVE-2019-5427 was published for com.mchange:c3p0 (Maven) Apr 23, 2019
Apache Tomcat OS Command Injection vulnerability High
CVE-2019-0232 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 18, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit High
CVE-2019-10240 was published for org.eclipse.hawkbit:hawkbit-autoconfigure (Maven) Apr 15, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database