Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,682
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,914
Pub
13
RubyGems
1,053
Rust
1,318
Swift
53
Unreviewed advisories
All unreviewed
5,000+

7 advisories

Loading
Hibernate vulnerable to SQL Injection High
CVE-2026-0603 was published for org.hibernate:hibernate-core (Maven) Jan 23, 2026
kmoens Credited to kmoens
Jakarta Mail vulnerable to SMTP Injection Moderate
CVE-2025-7962 was published for com.sun.mail:jakarta.mail (Maven) Jul 21, 2025
kmoens Credited to kmoens
JSON-lib mishandles an unbalanced comment string Moderate
CVE-2024-47855 was published for net.sf.json-lib:json-lib (Maven) Oct 4, 2024
kmoens Credited to kmoens
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Moderate
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph Credited to samueloph, binary-1024, hmolsen, and kmoens binary-1024 binary-1024
hmolsen hmolsen kmoens kmoens
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
kmoens Credited to kmoens
Improper Restriction of XML External Entity Reference in Castor Moderate
CVE-2014-3004 was published for castor:castor (Maven) May 13, 2022
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010 and kmoens kmoens kmoens
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Moderate
CVE-2011-2487 was published for org.apache.ws.security:wss4j (Maven) Apr 22, 2022
kmoens Credited to kmoens
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database