GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,738
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Integer overflow in BCrypt class in Spring Security
Moderate
CVE-2022-22976
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Moderate severity vulnerability that affects org.apache.commons:commons-compress
Moderate
CVE-2018-11771
was published
for
org.apache.commons:commons-compress
(Maven)
Oct 19, 2018
Improper Neutralization of Input During Web Page Generation in Spring Framework
Moderate
CVE-2013-6430
was published
for
org.springframework:spring-web
(Maven)
May 5, 2022
json-path Out-of-bounds Write vulnerability
Moderate
CVE-2023-51074
was published
for
com.jayway.jsonpath:json-path
(Maven)
Dec 27, 2023
Deserialization of Untrusted Data in Spring AMQP
Moderate
CVE-2021-22095
was published
for
org.springframework.amqp:spring-amqp
(Maven)
Dec 1, 2021
Loop with Unreachable Exit Condition in Apache CXF
Moderate
CVE-2014-3584
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
Moderate
CVE-2022-26336
was published
for
org.apache.poi:poi-scratchpad
(Maven)
Mar 5, 2022
Cross-site Scripting in OWASP AntiSamy
Moderate
CVE-2021-35043
was published
for
org.owasp.antisamy:antisamy
(Maven)
Aug 2, 2021
Low severity vulnerability that affects com.linecorp.armeria:armeria
Moderate
CVE-2019-16771
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 5, 2019
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
Possible information disclosure inside TreeGrid component with default data provider
Moderate
CVE-2022-29567
was published
for
com.vaadin:vaadin
(Maven)
May 25, 2022
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Moderate
CVE-2019-10219
was published
for
org.hibernate.validator:hibernate-validator
(Maven)
Jan 8, 2020
Denial of service in DataCommunicator class in Vaadin 8
Moderate
CVE-2021-33609
was published
for
com.vaadin:vaadin-server
(Maven)
Oct 13, 2021
Improper Neutralization of Input During Web Page Generation in Jsoup
Moderate
CVE-2015-6748
was published
for
org.jsoup:jsoup
(Maven)
May 13, 2022
Open Redirect in Spring Security OAuth
Moderate
CVE-2019-11269
was published
for
org.springframework.security.oauth:spring-security-oauth
(Maven)
Jun 13, 2019
Denial of service in Spring Security OAuth2
Moderate
CVE-2022-22969
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Apr 22, 2022
ProTip!
Advisories are also available from the
GraphQL API