GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
702 advisories
Filter by severity
Improper Input Validation in Spring AMQP
Critical
CVE-2016-2173
was published
for
org.springframework.amqp:spring-amqp
(Maven)
May 13, 2022
Policies not properly enforced in OWASP Java HTML Sanitizer
Critical
CVE-2021-42575
was published
for
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
(Maven)
Oct 19, 2021
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Critical
CVE-2015-3253
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jython
Critical
CVE-2016-4000
was published
for
org.python:jython
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Jenkins
Critical
CVE-2017-1000353
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Apace Derby
Critical
CVE-2015-1832
was published
for
org.apache.derby:derby
(Maven)
May 13, 2022
OS Command Injection in Plexus-utils
Critical
CVE-2017-1000487
was published
for
org.codehaus.plexus:plexus-utils
(Maven)
May 13, 2022
Cross-site Scripting in com.erudika:para-core
Critical
CVE-2022-1782
was published
for
com.erudika:para-core
(Maven)
May 19, 2022
Path traversal in Hadoop
Critical
CVE-2022-26612
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Apr 8, 2022
Improper Restriction of XML External Entity Reference in soa-model
Critical
CVE-2021-43090
was published
for
com.predic8:soa-model-core
(Maven)
Mar 26, 2022
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Critical
CVE-2021-41303
was published
for
org.apache.shiro:shiro-core
(Maven)
Sep 20, 2021
Jeecg-boot is vulnerable to SQL injection
Critical
CVE-2022-47105
was published
for
org.jeecgframework.boot:jeecg-boot-base-core
(Maven)
Jan 19, 2023
Keycloak vulnerable to path traversal via double URL encoding
Critical
CVE-2022-3782
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Critical
GHSA-xr8x-pxm6-prjg
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher
(Maven)
Jan 23, 2023
thenify before 3.3.1 made use of unsafe calls to `eval`.
Critical
CVE-2020-7677
was published
for
org.webjars.npm:thenify
(Maven)
Jul 18, 2022
Java Melody vulnerable to cross-site scripting
Critical
CVE-2016-1000273
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Jul 20, 2022
exist-db:exist-core XML External Entity (XXE) vulnerability
Critical
CVE-2018-1000823
was published
for
org.exist-db:exist-core
(Maven)
Dec 20, 2018
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Apache Log4j Remote Code Execution
Critical
GHSA-mf4f-j588-5xm8
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Remote code injection in Log4j (through pax-logging-log4j2)
Critical
GHSA-xxfh-x98p-j8fr
was published
for
org.ops4j.pax.logging:pax-logging-log4j2
(Maven)
Dec 10, 2021
Inadequate Encryption Strength
Critical
CVE-2017-1000486
was published
for
org.primefaces:primefaces
(Maven)
Jun 3, 2021
Critical vulnerability in log4j may affect generated PEAR projects
Critical
GHSA-j7c3-96rf-jrrp
was published
for
de.averbis.textanalysis:pear-archetype
(Maven)
Dec 16, 2021
Remote code injection in Log4j
Critical
GHSA-94g7-hpv8-h9qm
was published
for
com.splunk.logging:splunk-library-javalogging
(Maven)
Dec 14, 2021
Remote Code Execution in spark-core
Critical
CVE-2018-17190
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 21, 2018
ProTip!
Advisories are also available from the
GraphQL API