Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,632
Erlang
34
GitHub Actions
25
Go
2,231
Maven
5,000+
npm
3,897
NuGet
701
pip
3,664
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,838 advisories

Loading
jackson-databind vulnerable to unsafe deserialization High
CVE-2020-10650 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 15, 2022
mod_cluster Denial of Service vulnerability High
CVE-2016-3110 was published for org.jboss.mod_cluster:mod_cluster-parent (Maven) May 14, 2022
Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs High
CVE-2015-0266 was published for org.apache.ranger:ranger (Maven) May 17, 2022
Apache Jetspeed vulnerable to SQL Injection High
CVE-2016-0710 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
WildFly has incomplete blacklist vulnerability High
CVE-2016-0793 was published for org.wildfly:wildfly-parent (Maven) May 14, 2022
Neo4J vulnerable to Cross-Site Request Forgery High
CVE-2013-7259 was published for org.neo4j:neo4j (Maven) May 17, 2022
Improper Authorization in Apache Xalan-Java High
CVE-2014-0107 was published for xalan:xalan (Maven) May 13, 2022
Ignite Realtime Openfire vulnerable to XMPPbomb attack High
CVE-2014-2741 was published for org.igniterealtime.openfire:parent (Maven) May 17, 2022
Caucho Quercus, as distributed in Resin, does not properly handle unspecified characters in the names of variables High
CVE-2012-2965 was published for com.caucho:resin (Maven) May 17, 2022
Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters High
CVE-2012-2966 was published for com.caucho:resin (Maven) May 17, 2022
Caucho Quercus, as distributed in Resin, does not properly implement the `==` operator for comparisons High
CVE-2012-2967 was published for com.caucho:resin (Maven) May 17, 2022
dotCMS allows remote authenticated users to execute arbitrary Java code High
CVE-2012-1826 was published for com.dotcms:dotcms (Maven) May 17, 2022
Apache Kylin vulnerable to Command injection by Useless configuration High
CVE-2022-43396 was published for org.apache.kylin:kylin (Maven) Dec 30, 2022
Apache Tomcat Buffer Over-Read High
CVE-2006-7197 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache CXF: SSRF vulnerability via WADL stylesheet parameter High
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
yusuke-koyoshi
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests High
CVE-2005-3510 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Commons VFS Has Relative Path Traversal Vulnerability High
CVE-2025-27553 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
SmallRye Fault Tolerance out-of-memory (OOM) issue High
CVE-2025-2240 was published for io.smallrye:smallrye-fault-tolerance-core (Maven) Mar 12, 2025
claudio4j
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component High
CVE-2025-29085 was published for com.vip.saturn:saturn-console (Maven) Apr 2, 2025
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution High
CVE-2025-31722 was published for org.jenkins-ci.plugins:templating-engine (Maven) Apr 2, 2025
Selenium Server (Grid) CSRF High
CVE-2022-28108 was published for org.seleniumhq.selenium:selenium-grid (Maven) Apr 20, 2022
jeffwidman
jooby-pac4j: deserialization of untrusted data High
CVE-2025-31129 was published for io.jooby:jooby-pac4j (Maven) Apr 1, 2025
cwm1123
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
Apache MINA SSHD: integrity check bypass High
CVE-2024-41909 was published for org.apache.sshd:sshd-common (Maven) Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database