GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,448 advisories
Filter by severity
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
CVE-2016-7103
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS
Moderate
CVE-2012-6662
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Cross-site Scripting in jquery-ui
Moderate
CVE-2010-5312
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Cross-Site Scripting (XSS) in jquery
Moderate
CVE-2015-9251
was published
for
jQuery
(RubyGems)
Jan 22, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
ZipSlip in org.apache.storm:storm-core
Moderate
CVE-2018-8008
was published
for
org.apache.storm:storm-core
(Maven)
Oct 16, 2018
Spring Framework Cross Site Tracing (XST)
Moderate
CVE-2018-11039
was published
for
org.springframework:spring-web
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Apache Struts Improper Input Validation vulnerability
Moderate
CVE-2017-7672
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.juddi:juddi-client
Moderate
CVE-2015-5241
was published
for
org.apache.juddi:juddi-client
(Maven)
Oct 16, 2018
Improper Input Validation in org.apache.qpid:qpid-broker
Moderate
CVE-2016-3094
was published
for
org.apache.qpid:qpid-broker
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.qpid:proton-j
Moderate
CVE-2016-2166
was published
for
org.apache.qpid:proton-j
(Maven)
Oct 16, 2018
Improper Validation of Certificates in apache axis
Moderate
CVE-2014-3596
was published
for
axis:axis
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects apache axis
Moderate
CVE-2018-8032
was published
for
axis:axis
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate
CVE-2016-6805
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Apache Camel XML External Entity vulnerability
Moderate
CVE-2015-0263
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
Moderate
CVE-2015-0264
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Junrar vulnerable to Infinite Loop
Moderate
CVE-2018-12418
was published
for
com.github.junrar:junrar
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Moderate
CVE-2014-1868
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate
CVE-2014-3577
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Moderate
CVE-2015-5262
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
org.apache.tika:tika-parsers has an Infinite Loop vulnerability
Moderate
CVE-2018-1339
was published
for
org.apache.tika:tika-parsers
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API