GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
17 advisories
XML External Entity Reference in RESTEasy
Moderate | CVE-2014-7839 was published for org.jboss.resteasy:resteasy-jaxrs (Maven) on May 17, 2022

Improper Input Validation in Drools and jBPM
High | CVE-2014-8125 was published for org.drools:drools-core (Maven) on May 17, 2022

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code...
High | Unreviewed | CVE-2015-0850 was published on May 17, 2022

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2...
Low | Unreviewed | CVE-2014-0059 was published on May 17, 2022

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in...
Low | Unreviewed | CVE-2014-7827 was published on May 17, 2022

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise...
Moderate | Unreviewed | CVE-2013-2133 was published on May 14, 2022

Insufficient Verification of Data Authenticity in Async Http Client
Moderate | CVE-2013-7398 was published for com.ning:async-http-client (Maven) on May 13, 2022

Insufficient Verification of Data Authenticity in Async Http Client
Moderate | CVE-2013-7397 was published for com.ning:async-http-client (Maven) on May 13, 2022

Improper Authentication in Apache WSS4J
Moderate | CVE-2014-3623 was published for org.apache.ws.security:wss4j (Maven) on May 13, 2022

Uncontrolled Resource Consumption in Apache CXF
Moderate | CVE-2014-0110 was published for org.apache.cxf:cxf-core (Maven) on May 13, 2022

Uncontrolled Resource Consumption in Apache CXF
Moderate | CVE-2014-0109 was published for org.apache.cxf:cxf-core (Maven) on May 13, 2022

Improper Input Validation in Apache CXF
Moderate | CVE-2014-0034 was published for org.apache.cxf:cxf-rt-ws-security (Maven) on May 13, 2022

Cleartext Transmission of Sensitive Information in Apache CXF
Moderate | CVE-2014-0035 was published for org.apache.cxf:cxf-core (Maven) on May 13, 2022

Improper Input Validation in Apache Santuario XML Security
Moderate | CVE-2013-4517 was published for org.apache.santuario:xmlsec (Maven) on May 13, 2022

Information disclosure in JBoss Weld
Moderate | CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) on Jun 10, 2020

Improper certificate validation in org.apache.httpcomponents:httpclient
High | CVE-2012-6153 was published for org.apache.httpcomponents:httpclient (Maven) on Oct 17, 2018

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate | CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) on Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API.