Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,987
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

4,940 advisories

Moderate severity vulnerability that affects org.apache.juddi:juddi-client Moderate
CVE-2015-5241 was published for org.apache.juddi:juddi-client (Maven) Oct 16, 2018
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication Critical
CVE-2016-4432 was published for org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (Maven) Oct 16, 2018
Improper Input Validation in org.apache.qpid:qpid-broker Moderate
CVE-2016-3094 was published for org.apache.qpid:qpid-broker (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.qpid:proton-j Moderate
CVE-2016-2166 was published for org.apache.qpid:proton-j (Maven) Oct 16, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-8030 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 16, 2018
MarkLee131
Improper Validation of Certificates in apache axis Moderate
CVE-2014-3596 was published for axis:axis (Maven) Oct 16, 2018
AndrzejBiernacki2010
Moderate severity vulnerability that affects apache axis Moderate
CVE-2018-8032 was published for axis:axis (Maven) Oct 16, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.ignite:ignite-core Moderate
CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization Critical
CVE-2018-1295 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Code execution via deserialization in org.apache.ignite:ignite-core Critical
CVE-2018-8018 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
MarkLee131
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation Critical
CVE-2017-12634 was published for org.apache.camel:camel-castor (Maven) Oct 16, 2018
sunSUNQ
Apache is vulnerable to XXE in XSD validation processor Critical
CVE-2018-8027 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Mail is vulnerable to path traversal Moderate
CVE-2018-8041 was published for org.apache.camel:camel-mail (Maven) Oct 16, 2018
MarkLee131 sunSUNQ
Apache Camel XML External Entity vulnerability Moderate
CVE-2015-0263 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object Moderate
CVE-2015-0264 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands Critical
CVE-2015-5344 was published for org.apache.camel:camel-xstream (Maven) Oct 16, 2018
sunSUNQ
Apache Camel can allow remote attackers to execute arbitrary commands High
CVE-2015-5348 was published for org.apache.camel:camel-ahc (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks Critical
CVE-2016-8749 was published for org.apache.camel:camel-jackson (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. High
CVE-2017-5643 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's XSLT component allows remote attackers to read arbitrary files High
CVE-2014-0002 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods High
CVE-2014-0003 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Junrar vulnerable to Infinite Loop Moderate
CVE-2018-12418 was published for com.github.junrar:junrar (Maven) Oct 17, 2018
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request High
CVE-2017-14949 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
tdunlap607
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider High
CVE-2017-14868 was published for org.restlet.jse:org.restlet.ext.jaxrs (Maven) Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API