GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
702 advisories
Filter by severity
Deserialization of Untrusted Data in Apache Batik
Critical
CVE-2018-8013
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in pippo-core
Critical
CVE-2018-20059
was published
for
ro.pippo:pippo-core
(Maven)
Dec 19, 2018
Deserialization of Untrusted Data in Pippo
Critical
CVE-2018-18628
was published
for
ro.pippo:pippo-core
(Maven)
Oct 24, 2018
Jenkins CLI Deserialization of Untrusted Data vulnerability
Critical
CVE-2015-8103
was published
for
org.jenkins-ci.main:cli
(Maven)
May 13, 2022
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-11307
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 16, 2019
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Critical
CVE-2017-17485
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
Cloud Foundry UAA privilege escalation with user invitations
Critical
CVE-2017-4992
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
com.enonic.xp:lib-auth vulnerable to Session Fixation
Critical
GHSA-4m5p-5w5w-3jcf
was published
for
com.enonic.xp:lib-auth
(Maven)
Oct 12, 2022
java-xmlbuilder vulnerable to XML External Entity Reference
Critical
CVE-2014-125087
was published
for
com.jamesmurty.utils:java-xmlbuilder
(Maven)
Feb 19, 2023
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25603
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Cloud Foundry vulnerable to Cross-Site Request Forgery
Critical
CVE-2016-6637
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Critical
CVE-2015-5172
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry Runtime Insufficient Session Expiration vulnerability
Critical
CVE-2015-5171
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
SAML authentication bypass due to missing validation on unsigned SAML messages
Critical
GHSA-hx5q-v6pj-533r
was published
for
com.linecorp.centraldogma:centraldogma-server-auth-saml
(Maven)
Feb 26, 2024
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Critical
CVE-2024-1735
was published
for
com.linecorp.armeria:armeria-saml
(Maven)
Feb 26, 2024
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Critical
CVE-2018-8014
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Critical
CVE-2024-1597
was published
for
org.postgresql:postgresql
(Maven)
Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Critical
CVE-2024-26269
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-26266
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42498
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-40191
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical
CVE-2023-42496
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25601
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Critical
CVE-2024-25602
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 21, 2024
ProTip!
Advisories are also available from the
GraphQL API