GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Cross-Site Request Forgery in Apache Struts
Moderate
CVE-2014-7809
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Improper Input Validation in Bouncy Castle
Moderate
CVE-2013-1624
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 14, 2022
Jenkins Cross-site Scripting vulnerability
Moderate
CVE-2014-3681
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Input Validation in Apache Karaf
Moderate
CVE-2014-0219
was published
for
org.apache.karaf:apache-karaf
(Maven)
May 14, 2022
Improper Authentication in Hibernate Validator
Moderate
CVE-2014-3558
was published
for
org.hibernate:hibernate-validator
(Maven)
May 14, 2022
Apache Syncope JEXL Code Injection
Moderate
CVE-2014-0111
was published
for
org.apache.syncope:syncope
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Spring Framework
Moderate
CVE-2014-1904
was published
for
org.springframework:spring-webmvc
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Moderate
CVE-2014-8110
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
Moderate
CVE-2014-3603
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
UberFire Framework Improperly Restricts Paths
Moderate
CVE-2014-8114
was published
for
org.uberfire:uberfire-parent
(Maven)
May 14, 2022
Apache Tomcat is vulnerable to HTTP request-smuggling
Moderate
CVE-2013-4286
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0033
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Tomcat Denial of Service vulnerability
Moderate
CVE-2013-4322
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Moderate
CVE-2013-4590
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Integer Overflow or Wraparound in Apache Tomcat
Moderate
CVE-2014-0075
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
Moderate
CVE-2014-0099
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0096
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Missing XML Validation in Apache Tomcat
Moderate
CVE-2014-0119
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0227
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Access Control in Apache Tomcat
Moderate
CVE-2014-7810
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Moderate
CVE-2014-3578
was published
for
org.springframework:spring-core
(Maven)
May 14, 2022
ClassLoader manipulation in Apache Struts
Moderate
CVE-2014-0094
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Apache XML Security For Java vulnerable to Infinite Loop
Moderate
CVE-2013-5823
was published
for
org.apache.santuario:xmlsec
(Maven)
May 14, 2022
Netty denial of service vulnerability
Moderate
CVE-2014-0193
was published
for
io.netty:netty
(Maven)
May 13, 2022
Improper Control of Generation of Code in Apache Camel
Moderate
CVE-2013-4330
was published
for
org.apache.camel:camel-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API