GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
159 advisories
Filter by severity
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate
CVE-2018-16984
was published
for
django
(pip)
Oct 3, 2018
Spring Framework Cross Site Tracing (XST)
Moderate
CVE-2018-11039
was published
for
org.springframework:spring-web
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Apache Camel XML External Entity vulnerability
Moderate
CVE-2015-0263
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
Moderate
CVE-2015-0264
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Tomcat Open Redirect vulnerability
Moderate
CVE-2018-11784
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat unauthorized access vulnerability
Moderate
CVE-2018-1304
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat information exposure vulnerability
Moderate
CVE-2018-1305
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat Race Condition vulnerability
Moderate
CVE-2018-8037
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Moderate
CVE-2018-1199
was published
for
org.springframework.security:spring-security-core
(Maven)
Oct 17, 2018
Denial of Service in org.springframework:spring-core
Moderate
CVE-2018-1257
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Path Traversal in org.springframework:spring-core
Moderate
CVE-2018-1271
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2015-0201
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Pivotal Spring Framework DoS Attack with XML Input
Moderate
CVE-2015-3192
was published
for
org.springframework:spring-web
(Maven)
Oct 17, 2018
Apache ActiveMQ web console vulnerable to Cross-site Scripting
Moderate
CVE-2018-8006
was published
for
org.apache.activemq:activemq-web-console
(Maven)
Oct 30, 2018
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Moderate
CVE-2018-7537
was published
for
django
(pip)
Jan 4, 2019
Django open redirect and possible XSS attack via user-supplied numeric redirect URLs
Moderate
CVE-2017-7233
was published
for
Django
(pip)
Jan 4, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2018-20244
was published
for
apache-airflow
(pip)
Mar 6, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2019-0216
was published
for
apache-airflow
(pip)
Apr 12, 2019
Cross-site scripting in Apache Tomcat
Moderate
CVE-2019-0221
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 30, 2019
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
Django
(pip)
Jun 10, 2019
Deserialization of Untrusted Data in FasterXML jackson-databind
Moderate
CVE-2019-12384
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 5, 2019
Deserialization of untrusted data in FasterXML jackson-databind
Moderate
CVE-2019-12814
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 17, 2019
ProTip!
Advisories are also available from the
GraphQL API