Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

799 advisories

Loading
Improper Restriction of XML External Entity Reference in Jelly Critical
CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) May 17, 2022
Improper Restriction of XML External Entity Reference in Apache OpenNLP Critical
CVE-2017-12620 was published for org.apache.opennlp:opennlp-tools (Maven) May 17, 2022
Injection in Apache NiFi Critical
CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) May 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Critical
CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
Deserialization of Untrusted Data in Spring AMQP Critical
CVE-2017-8045 was published for org.springframework.amqp:spring-amqp (Maven) May 17, 2022
Jenkins allows Execution of Code by Opening a JRMP Listener Critical
CVE-2016-0788 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information in Jenkins Core Critical
CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Apache NiFi XSS issue in context path handling Critical
CVE-2017-15697 was published for org.apache.nifi:nifi (Maven) May 14, 2022
Apache Geode unsafe deserialization in TcpServer Critical
CVE-2017-15692 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache NiFi Critical
CVE-2018-1309 was published for org.apache.nifi:nifi-standard-processors (Maven) May 14, 2022
Apache Storm remote code execution vulnerability Critical
CVE-2015-3188 was published for org.apache.storm:storm (Maven) May 14, 2022
Improper Access Control in Apache Shiro Critical
CVE-2016-4437 was published for org.apache.shiro:shiro-core (Maven) May 14, 2022
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2015-3208 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022 withdrawn
dsten56
Apache XML-RPC vulnerable to Deserialization of Untrusted Data Critical
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Apache OpenMeetings RCE Critical
CVE-2016-8736 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ Critical
CVE-2014-3600 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
Apache ActiveMQ Apollo XXE Vulnerability Critical
CVE-2014-3579 was published for org.apache.activemq:apollo-project (Maven) May 14, 2022
MarkLee131
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
RubyGems Improper Verification of Cryptographic Signature vulnerability Critical
CVE-2018-1000076 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins Critical
CVE-2016-9299 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
sunSUNQ
Apache Camel camel-hessian component vulnerable to Java object deserialization Critical
CVE-2017-12633 was published for org.apache.camel:camel-hessian (Maven) May 14, 2022
SimpleXML vulnerable to XML External Entity (XXE) Critical
CVE-2017-1000190 was published for org.simpleframework:simple-xml (Maven) May 14, 2022
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation Critical
CVE-2016-3087 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Arbitrary code execution in Apache Struts 2 Critical
CVE-2016-4438 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database