Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Spring Framework Cross Site Tracing (XST) Moderate
CVE-2018-11039 was published for org.springframework:spring-web (Maven) Oct 16, 2018
sunSUNQ
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
Apache Camel's Mail is vulnerable to path traversal Moderate
CVE-2018-8041 was published for org.apache.camel:camel-mail (Maven) Oct 16, 2018
MarkLee131 sunSUNQ
Apache Camel XML External Entity vulnerability Moderate
CVE-2015-0263 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object Moderate
CVE-2015-0264 was published for org.apache.camel:camel-core (Maven) Oct 16, 2018
sunSUNQ
Apache Tomcat Open Redirect vulnerability Moderate
CVE-2018-11784 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat unauthorized access vulnerability Moderate
CVE-2018-1304 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat information exposure vulnerability Moderate
CVE-2018-1305 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Apache Tomcat Race Condition vulnerability Moderate
CVE-2018-8037 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core Moderate
CVE-2018-1199 was published for org.springframework.security:spring-security-core (Maven) Oct 17, 2018
sunSUNQ
Denial of Service in org.springframework:spring-core Moderate
CVE-2018-1257 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Path Traversal in org.springframework:spring-core Moderate
CVE-2018-1271 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2015-0201 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Pivotal Spring Framework DoS Attack with XML Input Moderate
CVE-2015-3192 was published for org.springframework:spring-web (Maven) Oct 17, 2018
sunSUNQ
Apache ActiveMQ web console vulnerable to Cross-site Scripting Moderate
CVE-2018-8006 was published for org.apache.activemq:activemq-web-console (Maven) Oct 30, 2018
sunSUNQ
Cross-site scripting in Apache Tomcat Moderate
CVE-2019-0221 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 30, 2019
sunSUNQ
Deserialization of Untrusted Data in FasterXML jackson-databind Moderate
CVE-2019-12384 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 5, 2019
sunSUNQ
Deserialization of untrusted data in FasterXML jackson-databind Moderate
CVE-2019-12814 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 17, 2019
sunSUNQ
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ Moderate
CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) Aug 1, 2019
sunSUNQ
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux Moderate
CVE-2020-5397 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
sunSUNQ
Apache ActiveMQ webconsole admin GUI is open to XSS Moderate
CVE-2020-1941 was published for org.apache.activemq:activemq-web-console (Maven) May 21, 2020
sunSUNQ
Information Disclosure in Apache Tomcat Moderate
CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2021
sunSUNQ
HTTP Request Smuggling in Apache Tomcat Moderate
CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
mrjonstrong sunSUNQ
Cross-site scripting (XSS) in Apache ActiveMQ Moderate
CVE-2020-13947 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Improper Authentication in Apache ActiveMQ Moderate
CVE-2020-13920 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API