GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,784 advisories
Filter by severity
The host name verification missing in Apache Tomcat
High
CVE-2018-8034
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
High
CVE-2018-1336
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
High
CVE-2017-12615
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High
CVE-2016-1000352
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
High
CVE-2016-1000343
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High
CVE-2016-1000342
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
The Bouncy Castle JCE Provider carry a propagation bug
High
CVE-2016-1000340
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
High severity vulnerability that affects io.vertx:vertx-web
High
CVE-2018-12540
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.tika:tika-core
High
CVE-2018-11761
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers
High
CVE-2016-4434
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Command injection in org.apache.tika:tika-core
High
CVE-2018-1335
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
High
CVE-2018-11796
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Improper certificate validation in org.apache.httpcomponents:httpclient
High
CVE-2012-6153
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider
High
CVE-2017-14868
was published
for
org.restlet.jse:org.restlet.ext.jaxrs
(Maven)
Oct 17, 2018
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
High
CVE-2017-14949
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
High
CVE-2014-0003
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's XSLT component allows remote attackers to read arbitrary files
High
CVE-2014-0002
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
High
CVE-2017-5643
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel can allow remote attackers to execute arbitrary commands
High
CVE-2015-5348
was published
for
org.apache.camel:camel-ahc
(Maven)
Oct 16, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-8030
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 16, 2018
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering
High
CVE-2017-9805
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
High
CVE-2017-9804
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
The REST Plugin in Apache Struts is using an outdated XStream library
High
CVE-2017-9793
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API