GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,681 advisories

High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 High
CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 High
CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High
CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode High
CVE-2016-1000344 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 18, 2018
In blynk-server a Directory Traversal exists High
CVE-2018-17785 was published for com.github.blynkkk:blynk-server (Maven) Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
High severity vulnerability that affects org.dspace:dspace-xmlui High
CVE-2016-10726 was published for org.dspace:dspace-xmlui (Maven) Oct 19, 2018
SQL injection vulnerability in the policy admin tool in Apache Ranger High
CVE-2016-2174 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox High
CVE-2016-2175 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
High severity vulnerability that affects org.apache.tika:tika-core High
CVE-2018-11761 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Read permissions not enforced for client provided filter expressions in Elide. High
CVE-2020-5289 was published for com.yahoo.elide:elide-core (Maven) Mar 30, 2020
Deserialization of Untrusted Data in jackson-databind High
GHSA-wrr7-33fx-rcvj was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020 withdrawn
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
user/group information can be corrupted across storing in fsimage and reading back from fsimage High
CVE-2018-11768 was published for org.apache.hadoop:hadoop-main (Maven) Nov 20, 2019
Elliptic Curve Key Disclosure High
GHSA-h6wq-jw7q-grxv was published for org.bitbucket.b_c:jose4j (Maven) Feb 24, 2021 withdrawn
Privilege escalation vulnerability in Apache Hadoop High
CVE-2018-8029 was published for org.apache.hadoop:hadoop-main (Maven) May 31, 2019
XML external entity (XXE) vulnerability High
GHSA-c8m9-mh38-97p9 was published for org.jpmml:pmml-model (Maven) Feb 24, 2021 withdrawn
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console High
CVE-2022-2668 was published for org.keycloak:keycloak-parent (Maven) Sep 23, 2022
OrientDB-Server vulnerable to Cross-Site Request Forgery High
CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
ProTip! Advisories are also available from the GraphQL API