Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,036 advisories

Loading
Improper Restriction of XML External Entity Reference in Apache Olingo Moderate
CVE-2019-17554 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Request smuggling is possible when both chunked TE and content length specified Low
CVE-2020-5207 was published for io.ktor:ktor-client-cio (Maven) Jan 27, 2020
Hard-Coded Key Used For Remember-me Token in Opencast Moderate
CVE-2020-5222 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
LukasKalbertodt
Credited to LukasKalbertodt
Users with ROLE_COURSE_ADMIN can create new users in Opencast Moderate
CVE-2020-5231 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)) Moderate
CVE-2019-10782 was published for com.puppycrawl.tools:checkstyle (Maven) Jan 31, 2020
JLLeitschuh
Credited to JLLeitschuh
Unrestricted upload of file with dangerous type in Apache Solr Critical
CVE-2019-12409 was published for org.apache.solr:solr-core (Maven) Jan 28, 2020
Password Hashing: Do not use MD5 Low
CVE-2020-5229 was published for org.opencastproject:opencast-common-jpa-impl (Maven) Jan 30, 2020
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS issues in the management interface Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Stored XSS in Apache Atlas Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020
Authentication Bypass For Endpoints With Anonymous Access in Opencast Critical
CVE-2020-5206 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
Unsafe Identifiers in Opencast Moderate
CVE-2020-5230 was published for org.opencastproject:base (Maven) Jan 30, 2020
Denial of service via deserialization attack in nifi Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage High
CVE-2018-11768 was published for org.apache.hadoop:hadoop-main (Maven) Nov 20, 2019
Unencrypted passwords Low
GHSA-q594-2475-8v9f was published for org.apache.nifi:nifi-standard-processors (Maven) Feb 24, 2021 withdrawn
XSS in login form Moderate
CVE-2019-13235 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Privilege escalation vulnerability in Apache Hadoop High
CVE-2018-8029 was published for org.apache.hadoop:hadoop-main (Maven) May 31, 2019
Elliptic Curve Key Disclosure High
GHSA-h6wq-jw7q-grxv was published for org.bitbucket.b_c:jose4j (Maven) Feb 24, 2021 withdrawn
XML external entity (XXE) vulnerability High
GHSA-c8m9-mh38-97p9 was published for org.jpmml:pmml-model (Maven) Feb 24, 2021 withdrawn
Cross-Site Scripting in JSPWiki Moderate
CVE-2019-10076 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
jackson-dataformat-xml vulnerable to XML external entity (XXE) Critical
CVE-2016-3720 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console High
CVE-2022-2668 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database