Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,361 advisories

Loading
Cross-site Scripting in Ignite Realtime Openfire Moderate
CVE-2019-15488 was published for org.igniterealtime.openfire:xmppserver (Maven) Aug 27, 2019
Cross-site scripting in Apache Ranger Moderate
CVE-2019-12397 was published for org.apache.ranger:ranger (Maven) Aug 16, 2019
Allocation of Resources Without Limits or Throttling in Apache Tika Moderate
CVE-2019-10093 was published for org.apache.tika:tika-parsers (Maven) Aug 6, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ Moderate
CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) Aug 1, 2019
sunSUNQ
Deserialization of untrusted data in FasterXML jackson-databind Moderate
CVE-2019-12814 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 17, 2019
sunSUNQ
Deserialization of Untrusted Data in FasterXML jackson-databind Moderate
CVE-2019-12384 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 5, 2019
sunSUNQ
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
Argument Injection in Apache Geode server Moderate
CVE-2017-15694 was published for org.apache.geode:geode-core (Maven) Jun 26, 2019
Open Redirect in Spring Security OAuth Moderate
CVE-2019-11269 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Jun 13, 2019
SunBK201
Cross-site Scripting in HAPI FHIR Moderate
CVE-2019-12741 was published for ca.uhn.hapi.fhir:hapi-fhir-base (Maven) Jun 7, 2019
Cross-site Scriptin in JSPWiki Moderate
CVE-2019-10078 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
Cross-site Scripting in JSPWiki Moderate
CVE-2019-10077 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
Cross-Site Scripting in JSPWiki Moderate
CVE-2019-10076 was published for org.apache.jspwiki:jspwiki-main (Maven) Jun 6, 2019
Improper Neutralization of Wildcards or Matching Symbols Moderate
CVE-2019-3802 was published for org.springframework.data:spring-data-jpa (Maven) Jun 4, 2019
Cross-site scripting in Apache Tomcat Moderate
CVE-2019-0221 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 30, 2019
sunSUNQ
Access control bypass in Apache ZooKeeper Moderate
CVE-2019-0201 was published for org.apache.zookeeper:zookeeper (Maven) May 29, 2019
Path Traversal in Spring Cloud Config Moderate
CVE-2019-3799 was published for org.springframework.cloud:spring-cloud-config-server (Maven) May 23, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
Cross-site Scripting in Apache UIMA Moderate
CVE-2018-8035 was published for org.apache.uima:uima-ducc-web (Maven) May 14, 2019
Cross-site scripting in Apache Archiva Moderate
CVE-2019-0213 was published for org.apache.archiva:archiva (Maven) May 14, 2019
Improper Input Validation in Apache Archiva Moderate
CVE-2019-0214 was published for org.apache.archiva:archiva (Maven) May 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak Moderate
CVE-2019-3868 was published for org.keycloak:keycloak-core (Maven) Apr 30, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Cross-site Scripting in Apache Zeppelin Moderate
CVE-2018-1328 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Information Exposure vulnerability in Eclipse Jetty Moderate
CVE-2019-10246 was published for org.eclipse.jetty:jetty-server (Maven) Apr 23, 2019
ProTip! Advisories are also available from the GraphQL API