Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,799
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

25 advisories

json-path Out-of-bounds Write vulnerability Moderate
CVE-2023-51074 was published for com.jayway.jsonpath:json-path (Maven) Dec 27, 2023
phrabec SunBK201
Unsafe deserialization in com.alibaba:fastjson High
CVE-2022-25845 was published for com.alibaba:fastjson (Maven) Jun 11, 2022
SunBK201
Possible information disclosure inside TreeGrid component with default data provider Moderate
CVE-2022-29567 was published for com.vaadin:vaadin (Maven) May 25, 2022
SunBK201
Improper Neutralization of Input During Web Page Generation in Jsoup Moderate
CVE-2015-6748 was published for org.jsoup:jsoup (Maven) May 13, 2022
SunBK201
Deserialization of Untrusted Data in Groovy Critical
CVE-2016-6814 was published for org.codehaus.groovy:groovy (Maven) May 13, 2022
SunBK201
Loop with Unreachable Exit Condition in Apache CXF Moderate
CVE-2014-3584 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
sunSUNQ SunBK201
Denial of service in Spring Security OAuth2 Moderate
CVE-2022-22969 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Apr 22, 2022
ebickle SunBK201
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 amita-seal
SunBK201
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad Moderate
CVE-2022-26336 was published for org.apache.poi:poi-scratchpad (Maven) Mar 5, 2022
SunBK201
Improper Restriction of XML External Entity Reference High
CVE-2020-13692 was published for org.postgresql:postgresql (Maven) Feb 10, 2022
SunBK201
Denial of Service in Apache James High
CVE-2021-40110 was published for org.apache.james:james-server (Maven) Jan 8, 2022
SunBK201
Deserialization of Untrusted Data in Spring AMQP Moderate
CVE-2021-22095 was published for org.springframework.amqp:spring-amqp (Maven) Dec 1, 2021
SunBK201
Denial of service in DataCommunicator class in Vaadin 8 Moderate
CVE-2021-33609 was published for com.vaadin:vaadin-server (Maven) Oct 13, 2021
SunBK201
Cross-site Scripting in OWASP AntiSamy Moderate
CVE-2021-35043 was published for org.owasp.antisamy:antisamy (Maven) Aug 2, 2021
SunBK201
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7 High
CVE-2020-36320 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
SunBK201
Security Constraint Bypass in Spring Security High
CVE-2016-9879 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
SunBK201
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks Moderate
CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) Jan 8, 2020
SunBK201
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201
HTTP Request Smuggling in Netty High
CVE-2019-16869 was published for io.netty:netty-all (Maven) Oct 11, 2019
G-Rath westonsteimel
SunBK201
Open Redirect in Spring Security OAuth Moderate
CVE-2019-11269 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Jun 13, 2019
SunBK201
Improper Restriction of XML External Entity Reference in bedework:bw-webdav High
CVE-2018-20000 was published for org.bedework:bw-webdav (Maven) Dec 19, 2018
SunBK201
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views High
CVE-2016-4977 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
SunBK201
Spring Security OAuth vulnerable to remote code execution (RCE) Critical
CVE-2018-1260 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 18, 2018
MikeMoore63 SunBK201
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
ProTip! Advisories are also available from the GraphQL API