Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

10,604 advisories

Loading
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 High
CVE-2018-8038 was published for org.apache.cxf.fediz:fediz-jetty8 (Maven) Oct 18, 2018
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks High
CVE-2015-5175 was published for org.apache.cxf.fediz:fediz-core (Maven) Oct 18, 2018
OrientDB Studio web management interface is vulnerable to clickjacking attacks Moderate
CVE-2015-2918 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j Moderate
CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 19, 2018
Improper Input Validation in async-http-client High
CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) Oct 19, 2018
Improper Input Validation in org.wildfly:wildfly-undertow Moderate
CVE-2018-1047 was published for org.wildfly:wildfly-undertow (Maven) Oct 19, 2018
Improper Input Validation in alilibaba:fastjson Critical
CVE-2017-18349 was published for com.alibaba:fastjson (Maven) Oct 24, 2018
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Forgeable Public/Private Tokens in jwt-simple Critical
CVE-2016-10555 was published for jwt-simple (npm) Nov 6, 2018
python-gnupg vulnerable to shell injection Moderate
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
High severity vulnerability that affects python-gnupg High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
High severity vulnerability that affects org.apache.syncope:syncope-core High
CVE-2018-1321 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Prototype Pollution in cached-path-relative High
CVE-2018-16472 was published for cached-path-relative (npm) Nov 7, 2018
Header Forgery in http-signature High
CVE-2017-16005 was published for http-signature (npm) Nov 9, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core Moderate
CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) Dec 20, 2018
Apache NiFi Improper Input Validation vulnerability High
CVE-2018-17194 was published for org.apache.nifi:nifi-framework-cluster (Maven) Dec 20, 2018
MarkLee131
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353 Moderate
CVE-2018-1000873 was published for com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (Maven) Dec 21, 2018
High severity vulnerability that affects commons-fileupload:commons-fileupload High
CVE-2016-3092 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
Commons FileUpload Denial of service vulnerability High
CVE-2014-0050 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
MarkLee131
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
ProTip! Advisories are also available from the GraphQL API