Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Improper Input Validation in Apache POI Moderate
CVE-2014-3574 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
Improper Authentication in Hibernate Validator Moderate
CVE-2014-3558 was published for org.hibernate:hibernate-validator (Maven) May 14, 2022
MarkLee131
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
Improper Input Validation in Apache Tomcat Moderate
CVE-2014-0227 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
MarkLee131
Netty denial of service vulnerability Moderate
CVE-2014-0193 was published for io.netty:netty (Maven) May 13, 2022
MarkLee131
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2014-8152 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Improper Input Validation in Apache Jackrabbit Moderate
CVE-2015-1833 was published for org.apache.jackrabbit:jackrabbit-core (Maven) May 14, 2022
MarkLee131
Path traversal in org.springframework.integration:spring-integration-zip Moderate
CVE-2018-1261 was published for org.springframework.integration:spring-integration-zip (Maven) Oct 18, 2018
MarkLee131
spring-integration-zip Arbitrary File Write Moderate
CVE-2018-1263 was published for org.springframework.integration:spring-integration-zip (Maven) May 13, 2022
MarkLee131
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate
CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
MarkLee131
ZipSlip in org.apache.storm:storm-core Moderate
CVE-2018-8008 was published for org.apache.storm:storm-core (Maven) Oct 16, 2018
MarkLee131
Denial of Service in org.springframework:spring-core Moderate
CVE-2018-1257 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Apache Struts's ParameterInterceptor component does not prevent access to public constructors Moderate
CVE-2012-0393 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
Path Traversal in org.springframework:spring-core Moderate
CVE-2018-1271 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode Moderate
CVE-2012-0394 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
Improper Neutralization of Input During Web Page Generation in Apache Tomcat Moderate
CVE-2010-4172 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Moderate
CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) May 17, 2022
MarkLee131
Cross-site Scripting in Apache ActiveMQ Moderate
CVE-2012-6092 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
MarkLee131
Inefficient Algorithmic Complexity in Apache Santuario XML Security Moderate
CVE-2013-2172 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Improper Neutralization of Input During Web Page Generation in JavaMelody Moderate
CVE-2013-4378 was published for net.bull.javamelody:javamelody-core (Maven) May 17, 2022
MarkLee131
Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2013-4517 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Apache XML Security For Java vulnerable to Infinite Loop Moderate
CVE-2013-5823 was published for org.apache.santuario:xmlsec (Maven) May 14, 2022
MarkLee131
Missing Cryptographic Step in OWASP Enterprise Security API for Java Moderate
CVE-2013-5960 was published for org.owasp.esapi:esapi (Maven) May 14, 2022
MarkLee131
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr Moderate
CVE-2013-6397 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database