GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
5,117 advisories
Filter by severity
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)
High
CVE-2017-7656
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Critical
CVE-2016-4800
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Eclipse Jetty Server generates error message containing sensitive information
Moderate
CVE-2018-12536
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
Critical
CVE-2017-7657
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
High
CVE-2018-11776
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Critical
CVE-2017-5638
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
High
CVE-2016-4977
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Moderate
CVE-2018-11087
was published
for
com.rabbitmq:amqp-client
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Moderate
CVE-2018-1196
was published
for
org.springframework.boot:spring-boot
(Maven)
Oct 18, 2018
Path traversal in org.springframework.integration:spring-integration-zip
Moderate
CVE-2018-1261
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
Oct 18, 2018
Spring Security OAuth vulnerable to remote code execution (RCE)
Critical
CVE-2018-1260
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Race condition in org.apache.hbase:hbase-thrift
High
CVE-2018-8025
was published
for
org.apache.hbase:hbase-thrift
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.hbase:hbase
High
CVE-2015-1836
was published
for
org.apache.hbase:hbase
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate
CVE-2016-1000345
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 18, 2018
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
High
CVE-2016-1000344
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 18, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Critical
CVE-2016-3720
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Critical
CVE-2017-17485
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Critical
CVE-2017-15095
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
OrientDB Studio web management interface is vulnerable to clickjacking attacks
Moderate
CVE-2015-2918
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Moderate
CVE-2015-2913
was published
for
com.orientechnologies:orientdb-server
(Maven)
Oct 18, 2018
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Critical
CVE-2017-11467
was published
for
com.orientechnologies:orientdb-core
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Moderate
CVE-2018-1000643
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API