Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,882 advisories

Loading
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Potential DOS attack due to unrestricted attachment count in messages Moderate
CVE-2019-12406 was published for org.apache.cxf:apache-cxf (Maven) Nov 8, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml Moderate
CVE-2019-10755 was published for org.pac4j:pac4j-saml (Maven) Nov 6, 2019
Denial of service via deserialization attack in nifi Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-12404 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-10089 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-10087 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-10090 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Sakai Moderate
CVE-2019-16148 was published for org.sakaiproject:chat-base (Maven) Sep 23, 2019
Improper Verification of Cryptographic Signature in keycloak Moderate
CVE-2019-10201 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library Moderate
CVE-2019-11777 was published for org.eclipse.paho:org.eclipse.paho.client.mqttv3 (Maven) Sep 17, 2019
Incorrect Resource Transfer Between Spheres in eclipse-wtp Moderate
CVE-2019-10753 was published for com.diffplug.spotless:spotless-eclipse-cdt (Maven) Sep 11, 2019
Improper input validation in Apache Santuario XML Security for Java Moderate
CVE-2019-12400 was published for org.apache.santuario:xmlsec (Maven) Aug 27, 2019
Cross-site Scripting in Jooby Moderate
CVE-2019-15477 was published for org.jooby:jooby (Maven) Aug 27, 2019
Cross-site Scripting in Ignite Realtime Openfire Moderate
CVE-2019-15488 was published for org.igniterealtime.openfire:xmppserver (Maven) Aug 27, 2019
Cross-site scripting in Apache Ranger Moderate
CVE-2019-12397 was published for org.apache.ranger:ranger (Maven) Aug 16, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika Moderate
CVE-2019-10093 was published for org.apache.tika:tika-parsers (Maven) Aug 6, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ Moderate
CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) Aug 1, 2019
sunSUNQ
Deserialization of untrusted data in FasterXML jackson-databind Moderate
CVE-2019-12814 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 17, 2019
sunSUNQ
Deserialization of Untrusted Data in FasterXML jackson-databind Moderate
CVE-2019-12384 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 5, 2019
sunSUNQ
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
Argument Injection in Apache Geode server Moderate
CVE-2017-15694 was published for org.apache.geode:geode-core (Maven) Jun 26, 2019
Open Redirect in Spring Security OAuth Moderate
CVE-2019-11269 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Jun 13, 2019
SunBK201
Cross-site Scripting in HAPI FHIR Moderate
CVE-2019-12741 was published for ca.uhn.hapi.fhir:hapi-fhir-base (Maven) Jun 7, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database