GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,041 advisories

Prototype Pollution in cached-path-relative High
CVE-2018-16472 was published for cached-path-relative (npm) Nov 7, 2018
High severity vulnerability that affects org.apache.syncope:syncope-core High
CVE-2018-1321 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
python-gnupg's shell_quote function does not properly quote strings High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg's shell_quote function does not properly escape characters High
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
python-gnupg vulnerable to shell injection Critical
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
Forgeable Public/Private Tokens in jwt-simple Critical
CVE-2016-10555 was published for jwt-simple (npm) Nov 6, 2018
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Improper Input Validation in alibaba:fastjson Critical
CVE-2017-18349 was published for com.alibaba:fastjson (Maven) Oct 24, 2018
Improper Input Validation in org.wildfly:wildfly-undertow Moderate
CVE-2018-1047 was published for org.wildfly:wildfly-undertow (Maven) Oct 19, 2018
Improper Input Validation in async-http-client High
CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) Oct 19, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j Moderate
CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 19, 2018
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
OrientDB Studio web management interface is vulnerable to clickjacking attacks Moderate
CVE-2015-2918 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks High
CVE-2015-5175 was published for org.apache.cxf.fediz:fediz-core (Maven) Oct 18, 2018
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character Critical
CVE-2017-7676 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Improper certificate validation in org.apache.httpcomponents:httpclient High
CVE-2012-6153 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
ASP.NET Core fails to properly validate web requests High
CVE-2017-0247 was published for Microsoft.AspNetCore.Mvc (NuGet) Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc Moderate
CVE-2017-0256 was published for Microsoft.AspNetCore.Mvc (NuGet) Oct 16, 2018
High severity vulnerability that affects Microsoft.AspNetCore.Mvc High
CVE-2017-0249 was published for DisCatSharp (NuGet) Oct 16, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-8030 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API