GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
720 advisories
Filter by severity
Cross-site Scripting in com.erudika:para-core
Critical
CVE-2022-1782
was published
for
com.erudika:para-core
(Maven)
May 19, 2022
Path traversal in Hadoop
Critical
CVE-2022-26612
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Apr 8, 2022
Improper Restriction of XML External Entity Reference in soa-model
Critical
CVE-2021-43090
was published
for
com.predic8:soa-model-core
(Maven)
Mar 26, 2022
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Critical
CVE-2021-41303
was published
for
org.apache.shiro:shiro-core
(Maven)
Sep 20, 2021
Jeecg-boot is vulnerable to SQL injection
Critical
CVE-2022-47105
was published
for
org.jeecgframework.boot:jeecg-boot-base-core
(Maven)
Jan 19, 2023
Keycloak vulnerable to path traversal via double URL encoding
Critical
CVE-2022-3782
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Critical
GHSA-xr8x-pxm6-prjg
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher
(Maven)
Jan 23, 2023
thenify before 3.3.1 made use of unsafe calls to `eval`.
Critical
CVE-2020-7677
was published
for
org.webjars.npm:thenify
(Maven)
Jul 18, 2022
Java Melody vulnerable to cross-site scripting
Critical
CVE-2016-1000273
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Jul 20, 2022
exist-db:exist-core XML External Entity (XXE) vulnerability
Critical
CVE-2018-1000823
was published
for
org.exist-db:exist-core
(Maven)
Dec 20, 2018
Security Advisory for "Log4Shell"
Critical
GHSA-v57x-gxfj-484q
was published
for
com.hazelcast.jet:hazelcast-jet
(Maven)
Jan 21, 2022
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Critical
GHSA-3qpm-h9ch-px3c
was published
for
org.powernukkit:powernukkit
(Maven)
Jan 6, 2022
Apache Log4j Remote Code Execution
Critical
GHSA-mf4f-j588-5xm8
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Remote code injection in Log4j (through pax-logging-log4j2)
Critical
GHSA-xxfh-x98p-j8fr
was published
for
org.ops4j.pax.logging:pax-logging-log4j2
(Maven)
Dec 10, 2021
Inadequate Encryption Strength
Critical
CVE-2017-1000486
was published
for
org.primefaces:primefaces
(Maven)
Jun 3, 2021
Critical vulnerability in log4j may affect generated PEAR projects
Critical
GHSA-j7c3-96rf-jrrp
was published
for
de.averbis.textanalysis:pear-archetype
(Maven)
Dec 16, 2021
Remote code injection in Log4j
Critical
GHSA-94g7-hpv8-h9qm
was published
for
com.splunk.logging:splunk-library-javalogging
(Maven)
Dec 14, 2021
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Remote Code Execution in spark-core
Critical
CVE-2018-17190
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 21, 2018
XML External Entity (XXE) vulnerability in bw-calendar-engine
Critical
CVE-2018-1000836
was published
for
org.bedework.caleng:bw-calendar-engine
(Maven)
Dec 20, 2018
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
Critical
CVE-2018-18830
was published
for
net.mingsoft:ms-mcms
(Maven)
Nov 1, 2018
Remote Code Execution in esigate-core
Critical
CVE-2018-1000854
was published
for
org.esigate:esigate-core
(Maven)
Dec 21, 2018
Exposure of Sensitive Information in Hadoop
Critical
CVE-2017-15718
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
XML External Entity Reference in mchange:c3p0
Critical
CVE-2018-20433
was published
for
com.mchange:c3p0
(Maven)
Jan 7, 2019
Eclipse RDF4j vulnerable to XML External Entitiy
Critical
CVE-2018-1000644
was published
for
org.eclipse.rdf4j:rdf4j-runtime
(Maven)
Oct 19, 2018
ProTip!
Advisories are also available from the
GraphQL API