GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,799
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
json-path Out-of-bounds Write vulnerability
Moderate
CVE-2023-51074
was published
for
com.jayway.jsonpath:json-path
(Maven)
Dec 27, 2023
Unsafe deserialization in com.alibaba:fastjson
High
CVE-2022-25845
was published
for
com.alibaba:fastjson
(Maven)
Jun 11, 2022
Possible information disclosure inside TreeGrid component with default data provider
Moderate
CVE-2022-29567
was published
for
com.vaadin:vaadin
(Maven)
May 25, 2022
Improper Neutralization of Input During Web Page Generation in Jsoup
Moderate
CVE-2015-6748
was published
for
org.jsoup:jsoup
(Maven)
May 13, 2022
Deserialization of Untrusted Data in Groovy
Critical
CVE-2016-6814
was published
for
org.codehaus.groovy:groovy
(Maven)
May 13, 2022
Loop with Unreachable Exit Condition in Apache CXF
Moderate
CVE-2014-3584
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Denial of service in Spring Security OAuth2
Moderate
CVE-2022-22969
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Apr 22, 2022
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
Moderate
CVE-2022-26336
was published
for
org.apache.poi:poi-scratchpad
(Maven)
Mar 5, 2022
Improper Restriction of XML External Entity Reference
High
CVE-2020-13692
was published
for
org.postgresql:postgresql
(Maven)
Feb 10, 2022
Denial of Service in Apache James
High
CVE-2021-40110
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22095
was published
for
org.springframework.amqp:spring-amqp
(Maven)
Dec 1, 2021
Denial of service in DataCommunicator class in Vaadin 8
Moderate
CVE-2021-33609
was published
for
com.vaadin:vaadin-server
(Maven)
Oct 13, 2021
Cross-site Scripting in OWASP AntiSamy
Moderate
CVE-2021-35043
was published
for
org.owasp.antisamy:antisamy
(Maven)
Aug 2, 2021
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
High
CVE-2020-36320
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Security Constraint Bypass in Spring Security
High
CVE-2016-9879
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Moderate
CVE-2019-10219
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Jan 8, 2020
Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate
CVE-2019-16771
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 5, 2019
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
Open Redirect in Spring Security OAuth
Moderate
CVE-2019-11269
was published
for
org.springframework.security.oauth:spring-security-oauth
(Maven)
Jun 13, 2019
Improper Restriction of XML External Entity Reference in bedework:bw-webdav
High
CVE-2018-20000
was published
for
org.bedework:bw-webdav
(Maven)
Dec 19, 2018
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
High
CVE-2016-4977
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API