Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,935 advisories

Loading
Improper Restriction of XML External Entity Reference in Magnolia CMS High
CVE-2021-46365 was published for info.magnolia:magnolia-core (Maven) Feb 12, 2022
Missing Authentication for Critical Function in Apache TomEE High
CVE-2020-11969 was published for org.apache.tomee:tomee (Maven) Feb 10, 2022
Out of bounds read in json-smart High
CVE-2021-31684 was published for net.minidev:json-smart (Maven) Feb 10, 2022
afdesk
Cross-Site Request Forgery in xwiki-platform High
CVE-2021-32732 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Feb 10, 2022
Improper Certificate Validation in Graylog High
CVE-2020-15813 was published for org.graylog:graylog-parent (Maven) Feb 10, 2022
Gadget chain attack in Nippy High
CVE-2020-24164 was published for com.taoensso:nippy (Maven) Feb 10, 2022
Apache Geode SSL endpoint verification vulnerability High
CVE-2019-10091 was published for org.apache.geode:geode-core (Maven) Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Concord High
CVE-2020-10591 was published for com.walmartlabs.concord:concord-common (Maven) Feb 10, 2022
binary-1024
Deserialization of Untrusted Data in Apache ShardingSphere High
CVE-2020-1947 was published for org.apache.shardingsphere:shardingsphere (Maven) Feb 10, 2022
Denial of service in Apache OpenMeetings High
CVE-2020-13951 was published for org.apache.openmeetings:openmeetings-parent (Maven) Feb 10, 2022
Authentication bypass in Apache Hadoop High
CVE-2018-11764 was published for org.apache.hadoop:hadoop-main (Maven) Feb 10, 2022
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty High
CVE-2020-5403 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
Data Amplification in Play Framework High
CVE-2020-26882 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Out-of-bounds Write in Play Framework High
CVE-2020-27196 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Uncontrolled Recursion in Play Framework High
CVE-2020-26883 was published for com.typesafe.play:play (Maven) Feb 10, 2022
Improper Validation of Specified Quantity in Input in Eclipse Hono High
CVE-2020-27217 was published for org.eclipse.hono:hono-core (Maven) Feb 10, 2022
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
Cross site scripting in registration template in xwiki-platform High
CVE-2022-23622 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Feb 9, 2022
Improper Input Validation in Apache Unomi High
CVE-2020-11975 was published for org.apache.unomi:unomi (Maven) Feb 9, 2022
Path Traversal in Crafter CMS Crafter Studio High
CVE-2017-15684 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
XML Injection in Crafter CMS Crafter Studio 3.0.1 High
CVE-2017-15685 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio High
CVE-2020-25802 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio High
CVE-2020-25803 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
Incorrect Default Permissions in Apache Tomcat High
CVE-2020-8022 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022 withdrawn
westonsteimel
Uncontrolled Resource Consumption in Apache Tomcat High
CVE-2020-11996 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database