GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,361 advisories
Filter by severity
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Moderate
CVE-2020-5397
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
Stored XSS in Apache Atlas
Moderate
CVE-2019-10070
was published
for
org.apache.atlas:apache-atlas
(Maven)
Jan 8, 2020
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Moderate
CVE-2019-10219
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Jan 8, 2020
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate
CVE-2019-16771
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 5, 2019
Apache NiFi process group information disclosure
Moderate
CVE-2019-10083
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
Apache NiFi information disclosure by XXE
Moderate
CVE-2019-10080
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
Unescaped exception messages in error responses in Jetty
Moderate
CVE-2019-17632
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Dec 2, 2019
XSS issues in the management interface
Moderate
CVE-2019-13236
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
XSS in login form
Moderate
CVE-2019-13235
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Moderate
CVE-2019-13237
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
XSS in search engine
Moderate
CVE-2019-13234
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Potential DOS attack due to unrestricted attachment count in messages
Moderate
CVE-2019-12406
was published
for
org.apache.cxf:apache-cxf
(Maven)
Nov 8, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
Moderate
CVE-2019-10755
was published
for
org.pac4j:pac4j-saml
(Maven)
Nov 6, 2019
Denial of service via deserialization attack in nifi
Moderate
CVE-2017-15703
was published
for
org.apache.nifi:nifi-framework-cluster-protocol
(Maven)
Oct 25, 2019
Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-12404
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Oct 11, 2019
Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10089
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Oct 11, 2019
Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10087
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Oct 11, 2019
Cross-site scripting in Apache JSPWiki
Moderate
CVE-2019-10090
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Oct 11, 2019
Cross-site scripting in Sakai
Moderate
CVE-2019-16148
was published
for
org.sakaiproject:chat-base
(Maven)
Sep 23, 2019
Improper Verification of Cryptographic Signature in keycloak
Moderate
CVE-2019-10201
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
Incorrect Resource Transfer Between Spheres in eclipse-wtp
Moderate
CVE-2019-10753
was published
for
com.diffplug.spotless:spotless-eclipse-cdt
(Maven)
Sep 11, 2019
Improper input validation in Apache Santuario XML Security for Java
Moderate
CVE-2019-12400
was published
for
org.apache.santuario:xmlsec
(Maven)
Aug 27, 2019
Cross-site Scripting in Jooby
Moderate
CVE-2019-15477
was published
for
org.jooby:jooby
(Maven)
Aug 27, 2019
ProTip!
Advisories are also available from the
GraphQL API