Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Observable Discrepancy in Apache Kafka Moderate
CVE-2021-38153 was published for org.apache.kafka:kafka-clients (Maven) Sep 23, 2021
pavelarnost Credited to pavelarnost
Unsafe deserialization in Apache MINA SSHD Critical
CVE-2022-45047 was published for org.apache.sshd:sshd-common (Maven) Nov 16, 2022
pavelarnost Credited to pavelarnost
Apache CXF vulnerable to Exposure of Sensitive Information High
CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
pavelarnost Credited to pavelarnost
Bouncy Castle For Java LDAP injection vulnerability Moderate
CVE-2023-33201 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Jul 5, 2023
pavelarnost Credited to pavelarnost
Apache MINA SSHD information disclosure vulnerability Moderate
CVE-2023-35887 was published for org.apache.sshd:sshd-common (Maven) Jul 10, 2023
pavelarnost Credited to pavelarnost and gjordi gjordi gjordi
Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged Moderate
CVE-2025-48795 was published for org.apache.cxf:cxf-core (Maven) Jul 15, 2025
pavelarnost Credited to pavelarnost
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database