GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
Critical
CVE-2017-12634
was published
for
org.apache.camel:camel-castor
(Maven)
Oct 16, 2018
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
Critical
CVE-2015-5344
was published
for
org.apache.camel:camel-xstream
(Maven)
Oct 16, 2018
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Critical
CVE-2017-3159
was published
for
org.apache.camel:camel-snakeyaml
(Maven)
Oct 16, 2018
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
Critical
CVE-2016-8749
was published
for
org.apache.camel:camel-jackson
(Maven)
Oct 16, 2018
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2014-3600
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2015-5254
was published
for
org.apache.activemq:activemq-client
(Maven)
May 13, 2022
Apache is vulnerable to XXE in XSD validation processor
Critical
CVE-2018-8027
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Arbitrary code execution in Apache Struts 2
Critical
CVE-2016-4438
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
Critical
CVE-2016-3087
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Apache Struts improper action name cleanup
Critical
CVE-2016-4436
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Path Traversal in Apache Struts
Critical
CVE-2016-6795
was published
for
org.apache.struts:struts2-convention-plugin
(Maven)
May 14, 2022
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
Critical
CVE-2017-12611
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Critical
CVE-2018-8014
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Cloud Foundry Runtime Insufficient Session Expiration vulnerability
Critical
CVE-2015-5171
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Critical
CVE-2015-5172
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry vulnerable to Cross-Site Request Forgery
Critical
CVE-2016-6637
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA privilege escalation with user invitations
Critical
CVE-2017-4992
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Critical
CVE-2017-17485
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-11307
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 16, 2019
Jenkins CLI Deserialization of Untrusted Data vulnerability
Critical
CVE-2015-8103
was published
for
org.jenkins-ci.main:cli
(Maven)
May 13, 2022
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Critical
CVE-2018-1275
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
OS Command Injection in Apache Airflow
Critical
CVE-2022-38649
was published
for
apache-airflow
(pip)
Nov 22, 2022
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
Critical
CVE-2016-9299
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
Critical
CVE-2023-20860
was published
for
org.springframework:spring
(Maven)
Mar 28, 2023
ProTip!
Advisories are also available from the
GraphQL API