GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,938 advisories
Filter by severity
Deserialization of Untrusted Data in Apache Olingo
Critical
CVE-2019-17556
was published
for
org.apache.olingo:odata-client-proxy
(Maven)
Feb 4, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo
High
CVE-2020-1925
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate
CVE-2019-17554
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
Unrestricted upload of file with dangerous type in Apache Solr
Critical
CVE-2019-12409
was published
for
org.apache.solr:solr-core
(Maven)
Jan 28, 2020
Hard-Coded Key Used For Remember-me Token in Opencast
Moderate
CVE-2020-5222
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Users with ROLE_COURSE_ADMIN can create new users in Opencast
Moderate
CVE-2020-5231
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Request smuggling is possible when both chunked TE and content length specified
Low
CVE-2020-5207
was published
for
io.ktor:ktor-client-cio
(Maven)
Jan 27, 2020
Password Hashing: Do not use MD5
Low
CVE-2020-5229
was published
for
org.opencastproject:opencast-common-jpa-impl
(Maven)
Jan 30, 2020
Apache NiFi process group information disclosure
Moderate
CVE-2019-10083
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
XSS issues in the management interface
Moderate
CVE-2019-13236
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
XSS in search engine
Moderate
CVE-2019-13234
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Stored XSS in Apache Atlas
Moderate
CVE-2019-10070
was published
for
org.apache.atlas:apache-atlas
(Maven)
Jan 8, 2020
Authentication Bypass For Endpoints With Anonymous Access in Opencast
Critical
CVE-2020-5206
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Unauthenticated Access Via OAI-PMH
High
CVE-2020-5228
was published
for
org.opencastproject:opencast-oaipmh-api
(Maven)
Jan 30, 2020
Unsafe Identifiers in Opencast
Moderate
CVE-2020-5230
was published
for
org.opencastproject:base
(Maven)
Jan 30, 2020
Denial of service via deserialization attack in nifi
Moderate
CVE-2017-15703
was published
for
org.apache.nifi:nifi-framework-cluster-protocol
(Maven)
Oct 25, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage
High
CVE-2018-11768
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Nov 20, 2019
Unencrypted passwords
Low
GHSA-q594-2475-8v9f
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
Feb 24, 2021
•
withdrawn
XSS in login form
Moderate
CVE-2019-13235
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Elliptic Curve Key Disclosure
High
GHSA-h6wq-jw7q-grxv
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Feb 24, 2021
•
withdrawn
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
XML external entity (XXE) vulnerability
High
GHSA-c8m9-mh38-97p9
was published
for
org.jpmml:pmml-model
(Maven)
Feb 24, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API