GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,971 advisories
Filter by severity
Improper Input Validation in alilibaba:fastjson
Critical
CVE-2017-18349
was published
for
com.alibaba:fastjson
(Maven)
Oct 24, 2018
Use of Insufficiently Random Values in penggle:kaptcha
Critical
CVE-2018-18531
was published
for
com.github.penggle:kaptcha
(Maven)
Oct 23, 2018
Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core
High
CVE-2017-1000118
was published
for
com.typesafe.akka:akka-http-core_2.11
(Maven)
Oct 22, 2018
Akka Java Serialization vulnerability
High
CVE-2017-1000034
was published
for
com.typesafe.akka:akka-actor
(Maven)
Oct 22, 2018
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Critical
CVE-2018-16115
was published
for
com.typesafe.akka:akka-actor_2.11
(Maven)
Oct 22, 2018
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
High
CVE-2018-16131
was published
for
com.typesafe.akka:akka-http-core_2.11
(Maven)
Oct 22, 2018
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects io.vertx:vertx-core
Moderate
CVE-2018-12537
was published
for
io.vertx:vertx-core
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects com.sparkjava:spark-core
Moderate
CVE-2018-9159
was published
for
com.sparkjava:spark-core
(Maven)
Oct 19, 2018
Improper Input Validation in org.wildfly:wildfly-undertow
Moderate
CVE-2018-1047
was published
for
org.wildfly:wildfly-undertow
(Maven)
Oct 19, 2018
Undertow-core vulnerable to HTTP Request Smuggling
Moderate
CVE-2017-2666
was published
for
io.undertow:undertow-core
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects io.undertow:undertow-core
Moderate
CVE-2017-2670
was published
for
io.undertow:undertow-core
(Maven)
Oct 19, 2018
Eclipse RDF4j vulnerable to XML External Entitiy
Critical
CVE-2018-1000644
was published
for
org.eclipse.rdf4j:rdf4j-runtime
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
Moderate
CVE-2018-10936
was published
for
org.postgresql:pgjdbc-aggregate
(Maven)
Oct 19, 2018
High severity vulnerability that affects org.dspace:dspace-xmlui
High
CVE-2016-10726
was published
for
org.dspace:dspace-xmlui
(Maven)
Oct 19, 2018
Server Side Request Forgery in svgSalamander
High
CVE-2017-5617
was published
for
com.kitfox.svg:svg-salamander
(Maven)
Oct 19, 2018
High severity vulnerability that affects org.scala-lang:scala-compiler
High
CVE-2017-15288
was published
for
org.scala-lang:scala-compiler
(Maven)
Oct 19, 2018
Improper Input Validation in async-http-client
High
CVE-2017-14063
was published
for
org.asynchttpclient:async-http-client
(Maven)
Oct 19, 2018
Android SVG vulnerable to XML External Entity (XXE)
High
CVE-2017-1000498
was published
for
com.caverock:androidsvg
(Maven)
Oct 19, 2018
Deserialization of Untrusted Data in swagger-parser
High
CVE-2017-1000208
was published
for
io.swagger:swagger-codegen
(Maven)
Oct 19, 2018
Deserialization of Untrusted Data in swagger-codegen
High
CVE-2017-1000207
was published
for
io.swagger:swagger-codegen
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.grails.plugins:fields and org.grails:grails-core
Moderate
CVE-2018-1000529
was published
for
org.grails.plugins:fields
(Maven)
Oct 19, 2018
Improper Certificate Validation in Apache activemq-client
High
CVE-2018-11775
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 19, 2018
Apache juddi-client vulnerable to XML External Entity (XXE)
High
CVE-2018-1307
was published
for
org.apache.juddi:juddi-client
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
ProTip!
Advisories are also available from the
GraphQL API