GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,366 advisories
Filter by severity
Junrar vulnerable to Infinite Loop
Moderate
CVE-2018-12418
was published
for
com.github.junrar:junrar
(Maven)
Oct 17, 2018
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
Moderate
GHSA-fjh6-p566-wr6q
was published
for
io.github.skylot:jadx-core
(Maven)
Jul 21, 2022
Uncontrolled Resource Consumption in Spray JSON
Moderate
CVE-2018-18855
was published
for
io.spray:spray-json
(Maven)
Jun 28, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Jinjava calls getClass
Moderate
CVE-2018-18893
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Jan 4, 2019
Apiman Manager API affected by Jackson denial of service vulnerability
Moderate
GHSA-q95j-488q-5q3p
was published
for
io.apiman:apiman-manager-api-impl
(Maven)
Jan 9, 2023
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Moderate
GHSA-755v-r4x4-qf7m
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 29, 2022
Vulnerable dependency in XTDB connector
Moderate
GHSA-hwvm-vfw8-93mw
was published
for
org.odpi.egeria:egeria-connector-xtdb
(Maven)
Dec 16, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate
GHSA-fr26-qjc8-mvjx
was published
for
com.vaadin:flow-server
(Maven)
Oct 13, 2021
Denial of service in DataCommunicator class in Vaadin 8
Moderate
GHSA-j23j-q57m-63v3
was published
for
com.vaadin:vaadin-server
(Maven)
Oct 13, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Moderate
GHSA-hw7r-qrhp-5pff
was published
for
com.vaadin:vaadin-bom
(Maven)
Aug 30, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
GHSA-9h6g-6mxg-vvp4
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19
Moderate
GHSA-c57f-4vp2-jqhm
was published
for
com.vaadin:flow-server
(Maven)
May 6, 2021
Generation of Error Message Containing Sensitive Information in RESTEasy client
Moderate
CVE-2020-25633
was published
for
org.jboss.resteasy:resteasy-client
(Maven)
Jun 3, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
GHSA-55xh-53m6-936r
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jun 1, 2021
Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13
Moderate
GHSA-jqj4-r483-4gvr
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate
GHSA-82mf-mmh7-hxp5
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Man-in-the-middle attack in Apache Axis
Moderate
CVE-2012-5784
was published
for
axis:axis
(Maven)
Oct 7, 2020
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
GHSA-c6c4-7x48-4cqp
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
JavaScript execution via malicious molfiles (XSS)
Moderate
GHSA-2pwh-52h7-7j84
was published
for
de.ipb-halle:molecularfaces
(Maven)
Apr 16, 2021
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Moderate
GHSA-35fr-h7jr-hh86
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 6, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate
CVE-2018-8024
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
CSRF in Play Framework
Moderate
CVE-2020-12480
was published
for
com.typesafe.play:play_2.12
(Maven)
Aug 18, 2020
Undertow-core vulnerable to HTTP Request Smuggling
Moderate
CVE-2017-2666
was published
for
io.undertow:undertow-core
(Maven)
Oct 19, 2018
Improper Control of Interaction Frequency in Apache syncope-core
Moderate
CVE-2018-17184
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
ProTip!
Advisories are also available from the
GraphQL API