Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,765
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files Moderate
CVE-2018-8010 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
Path Traversal in Hadoop High
CVE-2018-8009 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
MarkLee131
Improper Restriction of XML External Entity Reference in pippo-core Critical
CVE-2018-20059 was published for ro.pippo:pippo-core (Maven) Dec 19, 2018
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API Moderate
CVE-2018-19413 was published for org.sonarsource.sonarqube:sonar-plugin-api (Maven) May 14, 2022
MarkLee131
Deserialization of Untrusted Data in Pippo Critical
CVE-2018-18628 was published for ro.pippo:pippo-core (Maven) Oct 24, 2018
MarkLee131
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Apache NiFi Improper Input Validation vulnerability High
CVE-2018-17194 was published for org.apache.nifi:nifi-framework-cluster (Maven) Dec 20, 2018
MarkLee131
Cross site scripting in org.apache.nifi:nifi Moderate
CVE-2018-17193 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Improper Restriction of Rendered UI Layers or Frames in Apache nifif Moderate
CVE-2018-17192 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Improper Certificate Validation in proton-j High
CVE-2018-17187 was published for org.apache.qpid:proton-j (Maven) Nov 21, 2018
MarkLee131
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core High
CVE-2018-17186 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 High
CVE-2018-15758 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 19, 2018
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope Moderate
CVE-2018-1322 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Issuer validation regression in Spring Cloud SSO Connector High
CVE-2018-1256 was published for io.pivotal.spring.cloud:spring-cloud-sso-connector (Maven) May 13, 2022
q5438722 MarkLee131
Moderate severity vulnerability that affects io.vertx:vertx-core Moderate
CVE-2018-12544 was published for io.vertx:vertx-core (Maven) Oct 17, 2018
MarkLee131
High severity vulnerability that affects org.apache.syncope:syncope-core High
CVE-2018-1321 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Improper Input Validation in Apache Thrift High
CVE-2018-1320 was published for org.apache.thrift:libthrift (Maven) Jan 17, 2019
szymon-miezal MarkLee131
There is a XML external entity expansion (XXE) vulnerability in Apache Solr High
CVE-2018-1308 was published for org.apache.solr:solr-core (Maven) Oct 17, 2018
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive Low
CVE-2018-1284 was published for org.apache.hive:hive (Maven) Nov 21, 2018
MarkLee131
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation High
CVE-2018-1274 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
MarkLee131
Apache Commons Compress vulnerable to denial of service due to infinite loop Moderate
CVE-2018-1324 was published for com.liferay:com.liferay.portal.tools.bundle.support (Maven) Mar 14, 2019
wtwhite MarkLee131
Deserialization of Untrusted Data in Apache OpenJPA High
CVE-2013-1768 was published for org.apache.openjpa:openjpa (Maven) May 14, 2022
MarkLee131
Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2009-0038 was published for org.apache.geronimo.plugins:console (Maven) May 2, 2022
MarkLee131
Apache Geronimo Application Server CSRF vulnerabilities Moderate
CVE-2009-0039 was published for org.apache.geronimo.plugins:console (Maven) May 2, 2022
westonsteimel MarkLee131
Apache Tomcat Directory Traversal vulnerability Moderate
CVE-2008-2938 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database