GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,110
Pub
10
RubyGems
837
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Path Traversal in Eclipse Mojarra
Moderate
CVE-2013-3827
was published
for
org.glassfish:javax.faces
(Maven)
May 17, 2022
Improper Certificate Validation in vt-ldap
Moderate
CVE-2014-3607
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
JBoss RichFaces Improper Input Validation vulnerability
Moderate
CVE-2014-0086
was published
for
org.richfaces:richfaces
(Maven)
May 17, 2022
Cross-Site Request Forgery in Jolokia
Moderate
CVE-2014-0168
was published
for
org.jolokia:jolokia-core
(Maven)
May 17, 2022
Improper Control of Generation of Code in HawtJNI
Moderate
CVE-2013-2035
was published
for
org.fusesource.hawtjni:hawtjni-runtime
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting
Moderate
CVE-2014-5325
was published
for
org.directwebremoting:dwr
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Mojarra
Moderate
CVE-2013-5855
was published
for
org.glassfish:javax.faces
(Maven)
May 14, 2022
Improper Input Validation in Bouncy Castle
Moderate
CVE-2013-1624
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Direct Web Remoting
Moderate
CVE-2014-5326
was published
for
org.directwebremoting:dwr
(Maven)
May 17, 2022
Improper Link Resolution Before File Access in Apache Hadoop
Moderate
CVE-2014-3627
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML
Moderate
CVE-2013-6440
was published
for
org.opensaml:opensaml
(Maven)
May 13, 2022
Improper Input Validation in Apache Karaf
Moderate
CVE-2014-0219
was published
for
org.apache.karaf:apache-karaf
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in JAMon
Moderate
CVE-2013-6235
was published
for
com.jamonapi:jamon
(Maven)
May 14, 2022
Improper Access Control in Apache Tomcat
Moderate
CVE-2014-7810
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
Moderate
CVE-2014-7816
was published
for
io.undertow:undertow-core
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr
Moderate
CVE-2014-3628
was published
for
org.apache.solr:solr
(Maven)
May 17, 2022
XML External Entity Reference in RESTEasy
Moderate
CVE-2014-7839
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Moderate
CVE-2013-4112
was published
for
org.jgroups:jgroups
(Maven)
May 17, 2022
Improper Authentication in Apache Hadoop
Moderate
CVE-2014-0229
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Moderate
CVE-2014-3604
was published
for
ca.juliusdavies:not-yet-commons-ssl
(Maven)
May 14, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0033
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Loop with Unreachable Exit Condition in Apache POI
Moderate
CVE-2014-9527
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
Moderate
CVE-2014-3603
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Castor
Moderate
CVE-2014-3004
was published
for
org.codehaus.castor:castor
(Maven)
May 13, 2022
Man-in-the-middle attack in Apache Axis
Moderate
CVE-2012-5784
was published
for
axis:axis
(Maven)
Oct 7, 2020
ProTip!
Advisories are also available from the
GraphQL API