GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,944 advisories
Filter by severity
Improper Neutralization of Input During Web Page Generation in Jsoup
Moderate
CVE-2015-6748
was published
for
org.jsoup:jsoup
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Groovy
Critical
CVE-2016-6814
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Denial of service in DataCommunicator class in Vaadin 8
Moderate
CVE-2021-33609
was published
for
com.vaadin:vaadin-server
(Maven)
Oct 13, 2021
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Moderate
CVE-2019-10219
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Jan 8, 2020
Possible information disclosure inside TreeGrid component with default data provider
Moderate
CVE-2022-29567
was published
for
com.vaadin:vaadin
(Maven)
May 25, 2022
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
High
CVE-2020-36320
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Unsafe deserialization in com.alibaba:fastjson
High
CVE-2022-25845
was published
for
com.alibaba:fastjson
(Maven)
Jun 11, 2022
Denial of Service in Apache James
High
CVE-2021-40110
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Undertow Path Traversal vulnerability
Moderate
CVE-2024-1459
was published
for
io.undertow:undertow-core
(Maven)
Feb 12, 2024
Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate
CVE-2019-16771
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 5, 2019
Security Constraint Bypass in Spring Security
High
CVE-2016-9879
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
Improper Restriction of XML External Entity Reference
High
CVE-2020-13692
was published
for
org.postgresql:postgresql
(Maven)
Feb 10, 2022
Cross-site Scripting in OWASP AntiSamy
Moderate
CVE-2021-35043
was published
for
org.owasp.antisamy:antisamy
(Maven)
Aug 2, 2021
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
Moderate
CVE-2022-26336
was published
for
org.apache.poi:poi-scratchpad
(Maven)
Mar 5, 2022
Improper Restriction of XML External Entity Reference in bedework:bw-webdav
High
CVE-2018-20000
was published
for
org.bedework:bw-webdav
(Maven)
Dec 19, 2018
Loop with Unreachable Exit Condition in Apache CXF
Moderate
CVE-2014-3584
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical
CVE-2024-32888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 15, 2024
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22095
was published
for
org.springframework.amqp:spring-amqp
(Maven)
Dec 1, 2021
Dromara hutool vulnerable to SQL Injection
Critical
CVE-2023-24163
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning
High
CVE-2023-6837
was published
for
org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework
(Maven)
Dec 15, 2023
ProTip!
Advisories are also available from the
GraphQL API