GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,732
Composer 4,028
Erlang 29
GitHub Actions 16
Go 1,830
Maven 5,045
npm 3,573
NuGet 632
pip 3,157
Pub 10
RubyGems 847
Rust 796
Swift 34

Unreviewed advisories

All unreviewed 224,740

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

5,045 advisories

Filter by severity

Sort by

Least recently updated

Moderate severity vulnerability that affects org.apache.mesos:mesos Moderate

CVE-2018-8023 was published for org.apache.mesos:mesos (Maven) Oct 17, 2018

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate

CVE-2016-1000345 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 18, 2018

High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core High

CVE-2019-1010260 was published for com.github.shyiko.ktlint:ktlint-core (Maven) Apr 8, 2019

Moderate severity vulnerability that affects com.adobe.xmp:xmpcore High

CVE-2016-4216 was published for com.adobe.xmp:xmpcore (Maven) Oct 19, 2018

Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf Moderate

CVE-2019-0191 was published for org.apache.karaf:apache-karaf (Maven) Mar 25, 2019

Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI High

CVE-2016-9177 was published for com.sparkjava:spark-core (Maven) Oct 4, 2018

Moderate severity vulnerability that affects org.apache.hive:hive-jdbc Moderate

CVE-2018-1314 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018

Moderate severity vulnerability that affects org.apache.karaf:apache-karaf Moderate

CVE-2016-8750 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019

Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle Moderate

CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) Mar 14, 2019

Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack High

CVE-2018-11796 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018

Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate

CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018

Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate

CVE-2017-12161 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 High

CVE-2017-12612 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018

Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate

CVE-2017-3166 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018

Moderate severity vulnerability that affects org.apache.ignite:ignite-core Moderate

CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate

CVE-2016-1000339 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018

High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 High

CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018

Apache Ignite communicates to an external PHP server where sensitive information is sent High

CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password Critical

CVE-2016-0733 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018

JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Critical

CVE-2018-15531 was published for net.bull.javamelody:javamelody-core (Maven) Oct 17, 2018

Moderate severity vulnerability that affects io.vertx:vertx-core Moderate

CVE-2018-12537 was published for io.vertx:vertx-core (Maven) Oct 19, 2018

In Bouncy Castle JCE Provider the other party DH public key is not fully validated Low

CVE-2016-1000346 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018

Moderate severity vulnerability that affects io.undertow:undertow-core Moderate

CVE-2017-2670 was published for io.undertow:undertow-core (Maven) Oct 19, 2018

Moderate severity vulnerability that affects org.apache.qpid:proton-j Moderate

CVE-2016-2166 was published for org.apache.qpid:proton-j (Maven) Oct 16, 2018

UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High

CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018

Previous 1 2 … 197 198 199 200 201 202 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

5,045 advisories