Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,346 advisories

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Moderate severity vulnerability that affects org.restlet.jse:org.restlet Moderate
CVE-2014-1868 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
Junrar vulnerable to Infinite Loop Moderate
CVE-2018-12418 was published for com.github.junrar:junrar (Maven) Oct 17, 2018
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object Moderate
CVE-2015-0264 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel XML External Entity vulnerability Moderate
CVE-2015-0263 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel's Mail is vulnerable to path traversal Moderate
CVE-2018-8041 was published for org.apache.camel:camel-mail (Maven) Oct 16, 2018
MarkLee131 sunSUNQ
Moderate severity vulnerability that affects org.apache.ignite:ignite-core Moderate
CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Moderate severity vulnerability that affects apache axis Moderate
CVE-2018-8032 was published for axis:axis (Maven) Oct 16, 2018
Improper Validation of Certificates in apache axis Moderate
CVE-2014-3596 was published for axis:axis (Maven) Oct 16, 2018
AndrzejBiernacki2010
Moderate severity vulnerability that affects org.apache.qpid:proton-j Moderate
CVE-2016-2166 was published for org.apache.qpid:proton-j (Maven) Oct 16, 2018
Improper Input Validation in org.apache.qpid:qpid-broker Moderate
CVE-2016-3094 was published for org.apache.qpid:qpid-broker (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.juddi:juddi-client Moderate
CVE-2015-5241 was published for org.apache.juddi:juddi-client (Maven) Oct 16, 2018
Apache Struts Improper Input Validation vulnerability Moderate
CVE-2017-7672 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin Moderate
CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
Spring Framework Cross Site Tracing (XST) Moderate
CVE-2018-11039 was published for org.springframework:spring-web (Maven) Oct 16, 2018
sunSUNQ
ZipSlip in org.apache.storm:storm-core Moderate
CVE-2018-8008 was published for org.apache.storm:storm-core (Maven) Oct 16, 2018
MarkLee131
Cross-Site Scripting (XSS) in jquery Moderate
CVE-2015-9251 was published for jQuery (RubyGems) Jan 22, 2018
klaudialax
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText Moderate
CVE-2016-7103 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API