Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,361 advisories

Loading
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux Moderate
CVE-2020-5397 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
sunSUNQ
Stored XSS in Apache Atlas Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks Moderate
CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) Jan 8, 2020
SunBK201
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Apache NiFi information disclosure by XXE Moderate
CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Unescaped exception messages in error responses in Jetty Moderate
CVE-2019-17632 was published for org.eclipse.jetty:jetty-server (Maven) Dec 2, 2019
XSS issues in the management interface Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in login form Moderate
CVE-2019-13235 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Potential DOS attack due to unrestricted attachment count in messages Moderate
CVE-2019-12406 was published for org.apache.cxf:apache-cxf (Maven) Nov 8, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml Moderate
CVE-2019-10755 was published for org.pac4j:pac4j-saml (Maven) Nov 6, 2019
Denial of service via deserialization attack in nifi Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-12404 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-10089 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-10087 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-10090 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
Cross-site scripting in Sakai Moderate
CVE-2019-16148 was published for org.sakaiproject:chat-base (Maven) Sep 23, 2019
Improper Verification of Cryptographic Signature in keycloak Moderate
CVE-2019-10201 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library Moderate
CVE-2019-11777 was published for org.eclipse.paho:org.eclipse.paho.client.mqttv3 (Maven) Sep 17, 2019
Incorrect Resource Transfer Between Spheres in eclipse-wtp Moderate
CVE-2019-10753 was published for com.diffplug.spotless:spotless-eclipse-cdt (Maven) Sep 11, 2019
Improper input validation in Apache Santuario XML Security for Java Moderate
CVE-2019-12400 was published for org.apache.santuario:xmlsec (Maven) Aug 27, 2019
Cross-site Scripting in Jooby Moderate
CVE-2019-15477 was published for org.jooby:jooby (Maven) Aug 27, 2019
ProTip! Advisories are also available from the GraphQL API