GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
271 advisories
OpenFlow plugin for OpenDaylight allows spoofing the SDN topology
High
CVE-2015-1611 was published for org.opendaylight.openflowplugin:openflowplugin (Maven) May 17, 2022

OpenFlow plugin for OpenDaylight LLDP Relay
High
CVE-2015-1612 was published for org.opendaylight.openflowplugin:openflowplugin (Maven) May 17, 2022

Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation
High
CVE-2017-7669 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022

Improper Input Validation in Apache Axis2
High
CVE-2010-1632 was published for org.apache.axis2.wso2:axis2 (Maven) May 17, 2022

Apache Struts vulnerable to possible DoS attack when using URLValidator
Moderate
CVE-2016-4465 was published for org.apache.struts:struts2-core (Maven) May 17, 2022

Apache Struts Open Redirect
High
CVE-2016-4433 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022

Apache Struts Access Control Redirect
High
CVE-2016-4431 was published for org.apache.struts:struts-parent (Maven) May 17, 2022

Improper Input Validation in Apache Commons Email
High
CVE-2017-9801 was published for org.apache.commons:commons-email (Maven) May 17, 2022

Improper Input Validation in OpenSymphony XWork
Moderate
CVE-2008-6504 was published for com.opensymphony:xwork (Maven) May 17, 2022

Improper Input Validation in Apache Axis2
Moderate
CVE-2012-5785 was published for org.apache.axis2:axis2 (Maven) May 17, 2022

Improper Input Validation in XFire
High
CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022

Improper Input Validation in Apache POI
Moderate
CVE-2014-3574 was published for org.apache.poi:poi (Maven) May 17, 2022

Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
Moderate
CVE-2011-1475 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022

Improper Input Validation in Apache Batik
Moderate
CVE-2015-0250 was published for org.apache.xmlgraphics:batik (Maven) May 17, 2022

Denial of service in Apache Tomcat
Moderate
CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 17, 2022

JBoss RichFaces Improper Input Validation vulnerability
Moderate
CVE-2014-0086 was published for org.richfaces:richfaces (Maven) May 17, 2022

Jenkins has CRLF Injection Vulnerability in the CLI
Moderate
CVE-2016-0789 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

Jenkins allows Deserialization of Untrusted Data via an XML File
High
CVE-2016-0792 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

Improper Input Validation in Apache Tomcat
Moderate
CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

Arbitrary file write in Apache Commons Fileupload
High
CVE-2013-2186 was published for commons-fileupload:commons-fileupload (Maven) May 14, 2022

MitM on Jenkins Maven Plugin
Moderate
CVE-2017-1000397 was published for org.jenkins-ci.main:maven-plugin (Maven) May 14, 2022

Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks
Moderate
CVE-2017-1000402 was published for org.jenkins-ci.plugins:swarm-client (Maven) May 14, 2022

Apache NiFi XSS issue in context path handling
Critical
CVE-2017-15697 was published for org.apache.nifi:nifi (Maven) May 14, 2022

Apache NiFi host header poisoning issue
High
CVE-2017-12632 was published for org.apache.nifi:nifi (Maven) May 14, 2022

Improper Input Validation in Apache Struts
High
CVE-2015-0899 was published for org.apache.struts:struts-core (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API