GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

697 advisories

jackson-databind mishandles the interaction between serialization gadgets and typing (Critical)
CVE-2020-9548 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing (Critical)
CVE-2020-9547 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on May 15, 2020
Remote code execution in Apache Commons Configuration (Critical)
CVE-2020-1953 was published for org.apache.commons:commons-configuration2 (Maven) on May 21, 2020
Apache Camel Netty enables Java deserialization by default (Critical)
CVE-2020-11973 was published for org.apache.camel:camel-netty (Maven) on May 21, 2020
File system access via H2 in Apache Ignite (Critical)
CVE-2020-1963 was published for org.apache.ignite:ignite-core (Maven) on Jun 5, 2020
dom4j allows External Entities by default, which might enable XXE attacks (Critical)
CVE-2020-10683 was published for dom4j:dom4j (Maven) on Jun 5, 2020
Insecure Deserialization in Apache XML-RPC (Critical)
CVE-2019-17570 was published for org.apache.xmlrpc:xmlrpc (Maven) on Jun 10, 2020
Improper Input Validation in jackson-databind (Critical)
CVE-2019-17267 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Jun 15, 2020
Improper Privilege Management in Tomcat (Critical)
CVE-2020-1938 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Jun 15, 2020
XML external entity injection in Terracotta Quartz Scheduler (Critical)
CVE-2019-13990 was published for org.quartz-scheduler:quartz (Maven) on Jul 1, 2020
XXE attack in Mapfish Print (Critical)
CVE-2020-15232 was published for org.mapfish.print:print-lib (Maven) on Jul 7, 2020
Command Injection in Kylin (Critical)
CVE-2020-13925 was published for org.apache.kylin:kylin-server-base (Maven) on Jul 27, 2020
SQL Injection in Kylin (Critical)
CVE-2020-13926 was published for org.apache.kylin:kylin-server-base (Maven) on Jul 27, 2020
Operation on a Resource after Expiration or Release in Jetty Server (Critical)
CVE-2019-17638 was published for org.eclipse.jetty:jetty-server (Maven) on Aug 5, 2020
Code execution in Spring Integration (Critical)
CVE-2020-5413 was published for org.springframework.integration:spring-integration-core (Maven) on Aug 5, 2020
Authorization Bypass in Spring Security (Critical)
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) on Sep 15, 2020
Remote Code Execution in Apache Synapse (Critical)
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) on Nov 4, 2020
Template injection in cron-utils (Critical)
CVE-2020-26238 was published for com.cronutils:cron-utils (Maven) on Nov 24, 2020
Missing validation of JWT signature in `ManyDesigns/Portofino` (Critical)
CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven) on Apr 19, 2021
XSS Cross Site Scripting (Critical)
CVE-2021-29459 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Apr 22, 2021
Authentication bypass in Apache Shiro (Critical)
CVE-2020-17510 was published for org.apache.shiro:shiro-spring (Maven) on Apr 22, 2021
Remote code execution in handlebars when compiling templates (Critical)
CVE-2021-23369 was published for handlebars (Maven) on May 6, 2021
SQL Injection in odata4j (Critical)
CVE-2016-11024 was published for org.odata4j:odata4j-core (Maven) on May 7, 2021
SQL Injection in odata4j (Critical)
CVE-2016-11023 was published for org.odata4j:odata4j-core (Maven) on May 7, 2021
Improper Authentication in Apache Shiro (Critical)
CVE-2020-11989 was published for org.apache.shiro:shiro-core (Maven) on May 7, 2021