GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Loop with Unreachable Exit Condition in Apache CXF
Moderate
CVE-2014-3584
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Improper Input Validation in Apache POI
Moderate
CVE-2014-3574
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Authentication in Hibernate Validator
Moderate
CVE-2014-3558
was published
for
org.hibernate:hibernate-validator
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0227
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Netty denial of service vulnerability
Moderate
CVE-2014-0193
was published
for
io.netty:netty
(Maven)
May 13, 2022
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate
CVE-2014-3577
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Improper Input Validation in Apache Santuario XML Security
Moderate
CVE-2014-8152
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Moderate
CVE-2014-8110
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Moderate
CVE-2014-3578
was published
for
org.springframework:spring-core
(Maven)
May 14, 2022
Improper Certificate Validation in apache HttpClient
Moderate
CVE-2012-5783
was published
for
commons-httpclient:commons-httpclient
(Maven)
May 13, 2022
Jenkins allows attackers to configure restricted projects
Moderate
CVE-2013-7330
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Spring Framework
Moderate
CVE-2014-1904
was published
for
org.springframework:spring-webmvc
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Moderate
CVE-2014-3625
was published
for
org.springframework:spring-webmvc
(Maven)
May 13, 2022
Inefficient Algorithmic Complexity in Apache Santuario XML Security
Moderate
CVE-2013-2172
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
Jenkins directory traversal vulnerability
Moderate
CVE-2014-2059
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkin allows attackers to obtain passwords by reading the HTML source code
Moderate
CVE-2014-2061
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins does not invalidate the API token when a user is deleted
Moderate
CVE-2014-2062
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to determine whether a user exists
Moderate
CVE-2014-2064
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-2065
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins session fixation vulnerability
Moderate
CVE-2014-2066
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-2067
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to execute arbitrary jobs
Moderate
CVE-2014-2058
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Input Validation in Apache Santuario XML Security
Moderate
CVE-2013-4517
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
Apache XML Security For Java vulnerable to Infinite Loop
Moderate
CVE-2013-5823
was published
for
org.apache.santuario:xmlsec
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API