GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
729 advisories
Filter by severity
Timing attack on HMAC signature comparison in Apache Tapestry
Critical
CVE-2019-10071
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Sep 26, 2019
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-16335
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
Polymorphic Typing issue in FasterXML jackson-databind
Critical
CVE-2019-14540
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Sep 23, 2019
Deserialization of untrusted data in FasterXML jackson-databind
Critical
CVE-2019-14379
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Aug 1, 2019
Deserialization of Untrusted Data in Apache Storm
Critical
CVE-2018-11779
was published
for
org.apache.storm:storm-kafka
(Maven)
Aug 1, 2019
Deserialization of Untrusted Data in EthereumJ
Critical
CVE-2018-15890
was published
for
org.ethereum:ethereumj-core
(Maven)
Jul 26, 2019
Deserialization of Untrusted Data and Code Injection in xstream
Critical
CVE-2019-10173
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jul 26, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-11307
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 16, 2019
Vulnerability that affects org.apache.pdfbox:pdfbox
Critical
CVE-2019-0228
was published
for
org.apache.pdfbox:pdfbox
(Maven)
Jul 5, 2019
Server-Side Request Forgery in Hawt Hawtio
Critical
CVE-2019-9827
was published
for
io.hawt:hawtio-core
(Maven)
Jul 5, 2019
Credential exposure through log files in Undertow
Critical
CVE-2019-3888
was published
for
io.undertow:undertow-core
(Maven)
Jun 13, 2019
Command Injection in Xstream
Critical
CVE-2013-7285
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 29, 2019
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
Critical
CVE-2019-10686
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Apr 18, 2019
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
Critical
CVE-2019-10648
was published
for
net.sf.robocode:robocode.host
(Maven)
Apr 2, 2019
Critical severity vulnerability that affects org.apache.solr:solr-core
Critical
CVE-2019-0192
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Incomplete List of Disallowed Inputs in SOFA-Hessian
Critical
CVE-2019-9212
was published
for
com.alipay.sofa:hessian
(Maven)
Mar 6, 2019
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
Critical
CVE-2019-3773
was published
for
org.springframework.ws:spring-ws
(Maven)
Jan 25, 2019
XML External Entity Reference in Apache Karaf
Critical
CVE-2018-11788
was published
for
org.apache.karaf.specs:org.apache.karaf.specs.java.xml
(Maven)
Jan 7, 2019
XML External Entity Reference in mchange:c3p0
Critical
CVE-2018-20433
was published
for
com.mchange:c3p0
(Maven)
Jan 7, 2019
Arbitrary Code Execution in jackson-databind
Critical
CVE-2018-14719
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Critical
CVE-2018-19362
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-19361
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
ProTip!
Advisories are also available from the
GraphQL API