GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,961
Composer 4,055
Erlang 29
GitHub Actions 19
Go 1,889
Maven 5,076
npm 3,605
NuGet 638
pip 3,208
Pub 10
RubyGems 852
Rust 816
Swift 35

Unreviewed advisories

All unreviewed 227,357

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

5,076 advisories

Filter by severity

Sort by

Least recently updated

Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core High

CVE-2017-3163 was published for org.apache.solr:solr-core (Maven) Oct 18, 2018

keycloak-core vulnerable to timing attacks against JWS token verification Moderate

CVE-2017-2585 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate

CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate

CVE-2017-1000500 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018 • withdrawn

Improper Authentication in org.keycloak:keycloak-core High

CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

Keycloak vulnerable to infinite loop based Denial of Service High

CVE-2017-2646 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

keycloak-core discloses system properties Moderate

CVE-2017-2582 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate

CVE-2018-10912 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate

CVE-2017-12161 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

Keycloak vulnerable to uncontrolled resource consumption High

CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2 Moderate

CVE-2017-7661 was published for org.apache.cxf.fediz:fediz-jetty8 (Maven) Oct 18, 2018

High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 High

CVE-2018-8038 was published for org.apache.cxf.fediz:fediz-jetty8 (Maven) Oct 18, 2018

Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks High

CVE-2015-5175 was published for org.apache.cxf.fediz:fediz-core (Maven) Oct 18, 2018

High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2 High

CVE-2016-4464 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate

CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.owasp.antisamy:antisamy Moderate

CVE-2016-10006 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018

OWASP AntiSamy Cross-site Scripting vulnerability Moderate

CVE-2017-14735 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018

Moderate severity vulnerability that affects org.owasp.antisamy:antisamy Moderate

CVE-2018-1000643 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018 • withdrawn

OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection Critical

CVE-2017-11467 was published for com.orientechnologies:orientdb-core (Maven) Oct 18, 2018

OrientDB-Server vulnerable to Cross-Site Request Forgery High

CVE-2015-2912 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018

OrientDB Server Community Edition uses insufficiently random values to generate session IDs Moderate

CVE-2015-2913 was published for com.orientechnologies:orientdb-server (Maven) Oct 18, 2018

OrientDB Studio web management interface is vulnerable to clickjacking attacks Moderate

CVE-2015-2918 was published for com.orientechnologies:orientdb-studio (Maven) Oct 18, 2018

jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution Critical

CVE-2017-15095 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass Critical

CVE-2017-17485 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 18, 2018

jackson-dataformat-xml vulnerable to XML external entity (XXE) Critical

CVE-2016-3720 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) Oct 18, 2018

Previous 1 2 3 4 5 6 7 8 … 203 204 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

5,076 advisories