Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

732 advisories

Loading
Server-Side Request Forgery (SSRF) in jackson-databind Critical
CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data Critical
CVE-2018-19362 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
sunSUNQ
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-19361 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization Critical
CVE-2018-19360 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
G-Rath
Arbitrary Code Execution in jackson-databind Critical
CVE-2018-14718 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Improper Access Control in commons-fileupload Critical
CVE-2016-1000031 was published for commons-fileupload:commons-fileupload (Maven) Dec 21, 2018
Exposure of Sensitive Information in Hadoop Critical
CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
XML External Entity (XXE) vulnerability in Square Retrofit Critical
CVE-2018-1000844 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Remote Code Execution in esigate-core Critical
CVE-2018-1000854 was published for org.esigate:esigate-core (Maven) Dec 21, 2018
XML External Entity (XXE) vulnerability in bw-calendar-engine Critical
CVE-2018-1000836 was published for org.bedework.caleng:bw-calendar-engine (Maven) Dec 20, 2018
exist-db:exist-core XML External Entity (XXE) vulnerability Critical
CVE-2018-1000823 was published for org.exist-db:exist-core (Maven) Dec 20, 2018
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
XML External Entity (XXE) vulnerability in neo4j.procedure:apoc Critical
CVE-2018-1000820 was published for org.neo4j.procedure:apoc (Maven) Dec 20, 2018
Improper Restriction of XML External Entity Reference in pippo-core Critical
CVE-2018-20059 was published for ro.pippo:pippo-core (Maven) Dec 19, 2018
MarkLee131
SQL Injection in hive-jdbc Critical
CVE-2018-1282 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
Remote Code Execution in spark-core Critical
CVE-2018-17190 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 21, 2018
Exposure of Sensitive information in authentikat-jwt Critical
CVE-2017-18239 was published for com.jason-goodwin:authentikat-jwt_2.12 (Maven) Nov 9, 2018
Credential leak in org.apache.directory.api:apache-ldap-api Critical
CVE-2018-1337 was published for org.apache.directory.api:apache-ldap-api (Maven) Nov 9, 2018
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms Critical
CVE-2018-18830 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Deserialization of Untrusted Data in Pippo Critical
CVE-2018-18628 was published for ro.pippo:pippo-core (Maven) Oct 24, 2018
MarkLee131
Improper Input Validation in alilibaba:fastjson Critical
CVE-2017-18349 was published for com.alibaba:fastjson (Maven) Oct 24, 2018
Use of Insufficiently Random Values in penggle:kaptcha Critical
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor Critical
CVE-2018-16115 was published for com.typesafe.akka:akka-actor_2.11 (Maven) Oct 22, 2018
Eclipse RDF4j vulnerable to XML External Entitiy Critical
CVE-2018-1000644 was published for org.eclipse.rdf4j:rdf4j-runtime (Maven) Oct 19, 2018
Apache Qpid Broker vulnerable to authentication port spoofing Critical
CVE-2017-15702 was published for org.apache.qpid:qpid-broker (Maven) Oct 19, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database