GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
XML External Entity Reference in RESTEasy
Moderate
CVE-2014-7839
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 17, 2022
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise...
Moderate
Unreviewed
CVE-2013-2133
was published
May 14, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7398
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7397
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Improper Authentication in Apache WSS4J
Moderate
CVE-2014-3623
was published
for
org.apache.ws.security:wss4j
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache CXF
Moderate
CVE-2014-0110
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Uncontrolled Resource Consumption in Apache CXF
Moderate
CVE-2014-0109
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Improper Input Validation in Apache CXF
Moderate
CVE-2014-0034
was published
for
org.apache.cxf:cxf-rt-ws-security
(Maven)
May 13, 2022
Cleartext Transmission of Sensitive Information in Apache CXF
Moderate
CVE-2014-0035
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Improper Input Validation in Apache Santuario XML Security
Moderate
CVE-2013-4517
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
Information disclosure in JBoss Weld
Moderate
CVE-2014-8122
was published
for
org.jboss.weld:weld-core-bom
(Maven)
Jun 10, 2020
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate
CVE-2014-3577
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API