GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,940 advisories
Filter by severity
In Bouncy Castle JCE Provider the other party DH public key is not fully validated
Low
CVE-2016-1000346
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High
CVE-2016-1000352
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate
CVE-2015-7940
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
High
CVE-2017-12615
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat Open Redirect vulnerability
Moderate
CVE-2018-11784
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat unauthorized access vulnerability
Moderate
CVE-2018-1304
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat information exposure vulnerability
Moderate
CVE-2018-1305
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
High
CVE-2018-1336
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Critical
CVE-2018-8014
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
The host name verification missing in Apache Tomcat
High
CVE-2018-8034
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat Race Condition vulnerability
Moderate
CVE-2018-8037
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Critical
CVE-2016-0733
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
SQL injection vulnerability in the policy admin tool in Apache Ranger
High
CVE-2016-2174
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Moderate
CVE-2016-5395
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2016-6815
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Moderate
CVE-2016-8751
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Apache Ranger policy engine incorrectly matches paths in certain conditions
Moderate
CVE-2016-8746
was published
for
org.apache.ranger:ranger-plugins-common
(Maven)
Oct 17, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High
CVE-2018-11778
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Critical
CVE-2017-7676
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Spring Data Commons remote code injection vulnerability
Critical
CVE-2018-1273
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
High
CVE-2018-1259
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
High
CVE-2018-1274
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Critical
CVE-2018-18389
was published
for
org.neo4j:neo4j-enterprise
(Maven)
Oct 17, 2018
High severity vulnerability that affects org.apache.pdfbox:pdfbox
High
CVE-2016-2175
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API