Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,886 advisories

Loading
Cross Site Scripting (XSS) in XWiki Moderate
CVE-2021-3137 was published for org.xwiki.commons:xwiki-commons (Maven) Jan 29, 2021
Server-Side Forgery Request can be activated unmarshalling with XStream Moderate
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
vulnerability-analyst
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling Moderate
CVE-2020-26259 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
MPXJ path Traversal vulnerability Moderate
CVE-2020-35460 was published for net.sf.mpxj:mpxj (Maven) Dec 18, 2020
Information Disclosure in Apache Groovy Moderate
CVE-2020-17521 was published for org.codehaus.groovy:groovy (Maven) Dec 9, 2020
SebGondron
Buffer not correctly recycled in Gzip Request inflation Moderate
CVE-2020-27218 was published for org.eclipse.jetty:jetty-server (Maven) Dec 2, 2020
easbar karussell
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
Sensitive Data Exposure in Apache Ant Moderate
CVE-2020-1945 was published for org.apache.ant:ant (Maven) Sep 14, 2020
Cross-Site Scripting in jquery Moderate
CVE-2012-6708 was published for jQuery (RubyGems) Sep 1, 2020
klaudialax
CSRF in Play Framework Moderate
CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) Aug 18, 2020
SQL Injection in Kylin Moderate
CVE-2020-1937 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
Directory traversal in Apache RocketMQ Moderate
CVE-2019-17572 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 1, 2020
Privilege escalation in mysql-connector-jav Moderate
CVE-2019-2692 was published for mysql:mysql-connector-java (Maven) Jul 1, 2020
Denial of service in Netty Moderate
CVE-2014-3488 was published for io.netty:netty-handler (Maven) Jun 30, 2020
Denial of Service in Google Guava Moderate
CVE-2018-10237 was published for com.google.guava:guava (Maven) Jun 15, 2020
Insufficient Entropy in Spring Security Moderate
CVE-2020-5408 was published for org.springframework.security:spring-security-core (Maven) Jun 15, 2020
Denial of service in Apache Xerces2 Moderate
CVE-2009-2625 was published for xerces:xercesImpl (Maven) Jun 15, 2020
Information disclosure in JBoss Weld Moderate
CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) Jun 10, 2020
Reflected Cross-Site Scripting in Apache CXF Moderate
CVE-2019-17573 was published for org.apache.cxf:apache-cxf (Maven) Jun 10, 2020
Directory traversal attack in Spring Cloud Config Moderate
CVE-2020-5405 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
Apache ActiveMQ webconsole admin GUI is open to XSS Moderate
CVE-2020-1941 was published for org.apache.activemq:activemq-web-console (Maven) May 21, 2020
sunSUNQ
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
path traversal in Jooby Moderate
CVE-2020-7647 was published for io.jooby:jooby (Maven) May 13, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database