Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

6,316 advisories

Loading
Stored XSS in Apache Atlas Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks Moderate
CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) Jan 8, 2020
SunBK201 Credited to SunBK201 and poc-effectiveness poc-effectiveness poc-effectiveness
Deserialization of Untrusted Data in Log4j Critical
CVE-2019-17571 was published for log4j:log4j (Maven) Jan 6, 2020
scothale Credited to scothale and SebGondron SebGondron SebGondron
Deserialization of Untrusted Data in Log4j Critical
CVE-2017-5645 was published for org.apache.logging.log4j:log4j (Maven) Jan 6, 2020
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack High
CVE-2019-17563 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh Credited to JLLeitschuh
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201 Credited to SunBK201
Apache NiFi user log out issue High
CVE-2019-12421 was published for org.apache.nifi:nifi-web-api (Maven) Dec 2, 2019
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Apache NiFi information disclosure by XXE Moderate
CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Unescaped exception messages in error responses in Jetty Moderate
CVE-2019-17632 was published for org.eclipse.jetty:jetty-server (Maven) Dec 2, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage High
CVE-2018-11768 was published for org.apache.hadoop:hadoop-main (Maven) Nov 20, 2019
Potential to access user credentials from the log files when debug logging enabled Critical
CVE-2019-10212 was published for io.undertow:undertow-core (Maven) Nov 20, 2019
Path traversal attack on Windows platforms High
CVE-2019-0207 was published for org.apache.tapestry:tapestry-core (Maven) Nov 18, 2019
jackson-databind polymorphic typing issue Critical
CVE-2019-17531 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 13, 2019
jackson-databind polymorphic typing issue Critical
CVE-2019-16943 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Nov 13, 2019
XSS issues in the management interface Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in login form Moderate
CVE-2019-13235 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Potential DOS attack due to unrestricted attachment count in messages Moderate
CVE-2019-12406 was published for org.apache.cxf:apache-cxf (Maven) Nov 8, 2019
Potential session hijack in Apache CXF Critical
CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml Moderate
CVE-2019-10755 was published for org.pac4j:pac4j-saml (Maven) Nov 6, 2019
Polymorphic Typing in FasterXML jackson-databind Critical
CVE-2019-16942 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 28, 2019
sunSUNQ Credited to sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database