GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
10,604 advisories
Filter by severity
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
High
CVE-2018-8038
was published
for
org.apache.cxf.fediz:fediz-jetty8
(Maven)
Oct 18, 2018
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks
High
CVE-2015-5175
was published
for
org.apache.cxf.fediz:fediz-core
(Maven)
Oct 18, 2018
OrientDB Studio web management interface is vulnerable to clickjacking attacks
Moderate
CVE-2015-2918
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Critical
CVE-2017-5638
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
High
CVE-2018-11776
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
Improper Input Validation in async-http-client
High
CVE-2017-14063
was published
for
org.asynchttpclient:async-http-client
(Maven)
Oct 19, 2018
Improper Input Validation in org.wildfly:wildfly-undertow
Moderate
CVE-2018-1047
was published
for
org.wildfly:wildfly-undertow
(Maven)
Oct 19, 2018
Improper Input Validation in alilibaba:fastjson
Critical
CVE-2017-18349
was published
for
com.alibaba:fastjson
(Maven)
Oct 24, 2018
Improper Input Validation in kdcproxy
High
CVE-2015-5159
was published
for
kdcproxy
(pip)
Nov 1, 2018
Forgeable Public/Private Tokens in jwt-simple
Critical
CVE-2016-10555
was published
for
jwt-simple
(npm)
Nov 6, 2018
python-gnupg vulnerable to shell injection
Moderate
CVE-2014-1929
was published
for
python-gnupg
(pip)
Nov 6, 2018
Moderate severity vulnerability that affects python-gnupg
Moderate
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
High severity vulnerability that affects python-gnupg
High
CVE-2014-1927
was published
for
python-gnupg
(pip)
Nov 6, 2018
High severity vulnerability that affects org.apache.syncope:syncope-core
High
CVE-2018-1321
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Prototype Pollution in cached-path-relative
High
CVE-2018-16472
was published
for
cached-path-relative
(npm)
Nov 7, 2018
Header Forgery in http-signature
High
CVE-2017-16005
was published
for
http-signature
(npm)
Nov 9, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
Apache NiFi Improper Input Validation vulnerability
High
CVE-2018-17194
was published
for
org.apache.nifi:nifi-framework-cluster
(Maven)
Dec 20, 2018
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
Moderate
CVE-2018-1000873
was published
for
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
(Maven)
Dec 21, 2018
High severity vulnerability that affects commons-fileupload:commons-fileupload
High
CVE-2016-3092
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Commons FileUpload Denial of service vulnerability
High
CVE-2014-0050
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Missing Origin Validation in webpack-dev-server
High
CVE-2018-14732
was published
for
webpack-dev-server
(npm)
Jan 4, 2019
Bleach URI Scheme Restriction Bypass
Critical
CVE-2018-7753
was published
for
bleach
(pip)
Jan 4, 2019
High severity vulnerability that affects privacyIDEA
High
CVE-2018-1000809
was published
for
privacyIDEA
(pip)
Jan 14, 2019
ProTip!
Advisories are also available from the
GraphQL API