Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

6,316 advisories

Loading
Cross-site Scripting in HAPI FHIR Moderate
CVE-2019-12741 was published for ca.uhn.hapi.fhir:hapi-fhir-base (Maven) Jun 7, 2019
Cross-site Scriptin in JSPWiki Moderate
CVE-2019-10078 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
Cross-site Scripting in JSPWiki Moderate
CVE-2019-10077 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
Cross-Site Scripting in JSPWiki Moderate
CVE-2019-10076 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
Improper Neutralization of Wildcards or Matching Symbols Moderate
CVE-2019-3802 was published for org.springframework.data:spring-data-jpa (Maven) Jun 4, 2019
Privilege escalation vulnerability in Apache Hadoop High
CVE-2018-8029 was published for org.apache.hadoop:hadoop-main (Maven) May 31, 2019
Cross-site scripting in Apache Tomcat Moderate
CVE-2019-0221 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 30, 2019
sunSUNQ Credited to sunSUNQ
Access control bypass in Apache ZooKeeper Moderate
CVE-2019-0201 was published for org.apache.zookeeper:zookeeper (Maven) May 29, 2019
XML External Entity injection in Apache Camel High
CVE-2019-0188 was published for org.apache.camel:camel-core (Maven) May 29, 2019
Path Traversal in DKPro Core High
CVE-2019-11082 was published for de.tudarmstadt.ukp.dkpro.core:de.tudarmstadt.ukp.dkpro.core.api.datasets-asl (Maven) May 29, 2019
Command Injection in Xstream Critical
CVE-2013-7285 was published for com.thoughtworks.xstream:xstream (Maven) May 29, 2019
mmabdpr Credited to mmabdpr and MarkLee131 MarkLee131 MarkLee131
Information exposure in FasterXML jackson-databind High
CVE-2019-12086 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 23, 2019
sunSUNQ Credited to sunSUNQ
Path Traversal in Spring Cloud Config Moderate
CVE-2019-3799 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 23, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle Credited to ebickle
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack Low
CVE-2019-11808 was published for io.ratpack:ratpack-groovy (Maven) May 14, 2019
Improper Input Validation in Apache Sanselan High
CVE-2018-17201 was published for org.apache.sanselan:sanselan (Maven) May 14, 2019
Infinite Loop in Apache Sanselan High
CVE-2018-17202 was published for org.apache.sanselan:sanselan (Maven) May 14, 2019
Cross-site Scripting in Apache UIMA Moderate
CVE-2018-8035 was published for org.apache.uima:uima-ducc-web (Maven) May 14, 2019
Cross-site scripting in Apache Archiva Moderate
CVE-2019-0213 was published for org.apache.archiva:archiva (Maven) May 14, 2019
Improper Input Validation in Apache Archiva Moderate
CVE-2019-0214 was published for org.apache.archiva:archiva (Maven) May 14, 2019
Path Traversal in Apache Camel High
CVE-2019-0194 was published for org.apache.camel:camel-core (Maven) May 2, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak Moderate
CVE-2019-3868 was published for org.keycloak:keycloak-core (Maven) Apr 30, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax Credited to klaudialax, eoftedal, and Rudloff eoftedal eoftedal
Rudloff Rudloff
Cross-site Scripting in Apache Zeppelin Moderate
CVE-2018-1328 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database