Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,583 advisories

Loading
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua High
CVE-2018-12086 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 16, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-0765 was published for System.Security.Cryptography.Xml (NuGet) Oct 16, 2018
Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests High
CVE-2018-8409 was published for Microsoft.AspNetCore.All (NuGet) Oct 16, 2018
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated High
CVE-2018-8171 was published for Microsoft.AspNetCore.Identity (NuGet) Oct 16, 2018
ASP.NET Core allow an elevation of privilege High
CVE-2018-0787 was published for Microsoft.AspNetCore.HttpOverrides (NuGet) Oct 16, 2018
High severity vulnerability that affects Microsoft.AspNetCore.Mvc High
CVE-2017-0249 was published for DisCatSharp (NuGet) Oct 16, 2018
ASP.NET Core fails to properly validate web requests High
CVE-2017-0247 was published for Microsoft.AspNetCore.Mvc (NuGet) Oct 16, 2018
Denial of service in ASP.NET Core High
CVE-2018-8269 was published for Microsoft.AspNetCore.All (NuGet) Oct 16, 2018
leecow
Improper Certificate Validation in Microsoft .NET Framework components High
CVE-2018-0786 was published for Microsoft.NETCore.UniversalWindowsPlatform (NuGet) Oct 16, 2018
skofman1
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Apache Camel can allow remote attackers to execute arbitrary commands High
CVE-2015-5348 was published for org.apache.camel:camel-ahc (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. High
CVE-2017-5643 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's XSLT component allows remote attackers to read arbitrary files High
CVE-2014-0002 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods High
CVE-2014-0003 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request High
CVE-2017-14949 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
tdunlap607
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider High
CVE-2017-14868 was published for org.restlet.jse:org.restlet.ext.jaxrs (Maven) Oct 17, 2018
Improper certificate validation in org.apache.httpcomponents:httpclient High
CVE-2012-6153 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack High
CVE-2018-11796 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Command injection in org.apache.tika:tika-core High
CVE-2018-1335 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
High severity vulnerability that affects org.apache.tika:tika-core High
CVE-2018-11761 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
The Bouncy Castle JCE Provider carry a propagation bug High
CVE-2016-1000340 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database