Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,412
Erlang
28
GitHub Actions
16
Go
1,650
Maven
4,914
npm
3,437
NuGet
594
pip
2,682
Pub
10
RubyGems
822
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+

29 advisories

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow... Moderate Unreviewed
CVE-2019-14860 was published May 24, 2022
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a... High Unreviewed
CVE-2019-9518 was published May 24, 2022
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial... High Unreviewed
CVE-2019-9515 was published May 24, 2022
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
golang.org/x/net/http vulnerable to ping floods High
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022
Deserialization of Untrusted Data in Infinispan High
CVE-2018-1131 was published for org.infinispan:infinispan-core (Maven) May 13, 2022
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration... Moderate Unreviewed
CVE-2019-3825 was published May 13, 2022
Docker image code execution with Apache Mesos High
CVE-2019-0204 was published for org.apache.mesos:mesos (Maven) May 13, 2022
Deserialization of Untrusted Data in jackson-databind High
GHSA-wrr7-33fx-rcvj was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020 withdrawn
Deserialization of Untrusted Data High
CVE-2018-12023 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020
sunSUNQ
HTTP Request Smuggling in Netty High
CVE-2019-16869 was published for io.netty:netty-all (Maven) Oct 11, 2019
G-Rath westonsteimel
Deserialization of Untrusted Data and Code Injection in xstream Critical
CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-11307 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 16, 2019
sunSUNQ
Access control bypass in Apache ZooKeeper Moderate
CVE-2019-0201 was published for org.apache.zookeeper:zookeeper (Maven) May 29, 2019
jackson-databind Deserialization of Untrusted Data vulnerability High
CVE-2018-12022 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 25, 2019
sunSUNQ
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14719 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind Critical
CVE-2018-14720 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Server-Side Request Forgery (SSRF) in jackson-databind Critical
CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data Critical
CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-19361 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization Critical
CVE-2018-19360 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14718 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Path Traversal in Hadoop High
CVE-2018-8009 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
MarkLee131
Directory Traversal vulnerability in Square Retrofit High
CVE-2018-1000850 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Improper Certificate Validation in Apache activemq-client High
CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) Oct 19, 2018
sunSUNQ
ProTip! Advisories are also available from the GraphQL API