GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
4,821 advisories
Filter by severity
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
Ability to change order address without triggering address validations in solidus
Moderate
CVE-2020-15109
was published
for
solidus_api
(RubyGems)
Aug 4, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Incorrect signature verification in SimpleSAMLphp
Moderate
CVE-2016-9955
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Improper input validation in Apache Santuario XML Security for Java
Moderate
CVE-2019-12400
was published
for
org.apache.santuario:xmlsec
(Maven)
Aug 27, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Improper Input Validation in Apache Archiva
Moderate
CVE-2019-0214
was published
for
org.apache.archiva:archiva
(Maven)
May 14, 2019
Improper Input Validation in Django
Moderate
CVE-2019-3498
was published
for
Django
(pip)
Jan 14, 2019
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
Moderate
CVE-2018-1000873
was published
for
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
Moderate severity vulnerability that affects python-gnupg
Moderate
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
python-gnupg vulnerable to shell injection
Moderate
CVE-2014-1929
was published
for
python-gnupg
(pip)
Nov 6, 2018
Improper Input Validation in org.wildfly:wildfly-undertow
Moderate
CVE-2018-1047
was published
for
org.wildfly:wildfly-undertow
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
OrientDB Studio web management interface is vulnerable to clickjacking attacks
Moderate
CVE-2015-2918
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Moderate
CVE-2018-1199
was published
for
org.springframework.security:spring-security-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
Moderate
CVE-2017-0256
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Improper Input Validation in org.apache.qpid:qpid-broker
Moderate
CVE-2016-3094
was published
for
org.apache.qpid:qpid-broker
(Maven)
Oct 16, 2018
Apache Struts Improper Input Validation vulnerability
Moderate
CVE-2017-7672
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Improper Input Validation in ansible
Moderate
CVE-2016-8647
was published
for
ansible
(pip)
Oct 10, 2018
ProTip!
Advisories are also available from the
GraphQL API