GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,988; Erlang 29; GitHub Actions 16; Go 1,776; Maven 5,000+; npm 3,542; NuGet 617; pip 3,125; Pub 10; RubyGems 838; Rust 790; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
2,960 advisories match the current filter (critical severity).
Prototype Pollution in just-extend (Critical). CVE-2018-16489 was published for just-extend (npm), Feb 7, 2019.
Prototype Pollution in defaults-deep (Critical). CVE-2018-16486 was published for defaults-deep (npm), Feb 7, 2019.
Apache Airflow vulnerable to XSS (Critical). CVE-2017-17836 was published for apache-airflow (pip), Jan 25, 2019.
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml (Critical). CVE-2019-3773 was published for org.springframework.ws:spring-ws (Maven), Jan 25, 2019.
modulemd uses an unsafe function for processing externally provided data (Critical). CVE-2017-1002157 was published for modulemd (pip), Jan 17, 2019.
XML External Entity Reference in Apache Karaf (Critical). CVE-2018-11788 was published for org.apache.karaf.specs:org.apache.karaf.specs.java.xml (Maven), Jan 7, 2019.
XML External Entity Reference in mchange:c3p0 (Critical). CVE-2018-20433 was published for com.mchange:c3p0 (Maven), Jan 7, 2019.
Arbitrary Code Execution in jackson-databind (Critical). CVE-2018-14719 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jan 4, 2019.
XML External Entity Reference (XXE) in jackson-databind (Critical). CVE-2018-14720 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jan 4, 2019.
Server-Side Request Forgery (SSRF) in jackson-databind (Critical). CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jan 4, 2019.
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data (Critical). CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jan 4, 2019.
Deserialization of Untrusted Data in jackson-databind (Critical). CVE-2018-19361 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jan 4, 2019.
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization (Critical). CVE-2018-19360 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jan 4, 2019.
Arbitrary Code Execution in jackson-databind (Critical). CVE-2018-14718 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Jan 4, 2019.
Bleach URI Scheme Restriction Bypass (Critical). CVE-2018-7753 was published for bleach (pip), Jan 4, 2019.
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution (Critical). CVE-2017-18342 was published for pyyaml (pip), Jan 4, 2019.
Code injection in Danijar Definitions (Critical). CVE-2018-20325 was published for definitions (pip), Dec 26, 2018.
Improper Access Control in commons-fileupload (Critical). CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven), Dec 21, 2018.
Exposure of Sensitive Information in Hadoop (Critical). CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven), Dec 21, 2018.
XML External Entity (XXE) vulnerability in Square Retrofit (Critical). CVE-2018-1000844 was published for com.squareup.retrofit2:retrofit (Maven), Dec 21, 2018.
Remote Code Execution in esigate-core (Critical). CVE-2018-1000854 was published for org.esigate:esigate-core (Maven), Dec 21, 2018.
XML External Entity (XXE) vulnerability in bw-calendar-engine (Critical). CVE-2018-1000836 was published for org.bedework.caleng:bw-calendar-engine (Maven), Dec 20, 2018.
exist-db:exist-core XML External Entity (XXE) vulnerability (Critical). CVE-2018-1000823 was published for org.exist-db:exist-core (Maven), Dec 20, 2018.
XML External Entity (XXE) vulnerability in codelibs fess (Critical). CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven), Dec 20, 2018.
ProTip! Advisories are also available from the GraphQL API.