Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,718 advisories

Loading
Signature wrapping vulnerability in Spring Security High
CVE-2020-5407 was published for org.springframework.security:spring-security-core (Maven) Jun 5, 2020
Directory traversal attack in Spring Cloud Config High
CVE-2020-5410 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
Directory traversal attack in Spring Cloud Config Moderate
CVE-2020-5405 was published for org.springframework.cloud:spring-cloud-config-server (Maven) Jun 5, 2020
File system access via H2 in Apache Ignite Critical
CVE-2020-1963 was published for org.apache.ignite:ignite-core (Maven) Jun 5, 2020
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Low
CVE-2020-9488 was published for org.apache.logging.log4j:log4j (Maven) Jun 5, 2020
DmitriyLewen
Private key leak in Apache CXF High
CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) May 22, 2020
Apache Camel Netty enables Java deserialization by default Critical
CVE-2020-11973 was published for org.apache.camel:camel-netty (Maven) May 21, 2020
Apache ActiveMQ webconsole admin GUI is open to XSS Moderate
CVE-2020-1941 was published for org.apache.activemq:activemq-web-console (Maven) May 21, 2020
sunSUNQ
Code execution vulnerability in HtmlUnit High
CVE-2020-5529 was published for net.sourceforge.htmlunit:htmlunit (Maven) May 21, 2020
Remote code execution in Apache Commons Configuration Critical
CVE-2020-1953 was published for org.apache.commons:commons-configuration2 (Maven) May 21, 2020
Potential remote code execution in Apache Tomcat High
CVE-2020-9484 was published for org.apache.tomcat:tomcat-catalina (Maven) May 21, 2020
sunSUNQ
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9547 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14893 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10673 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing Critical
CVE-2020-9548 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11111 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11113 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
sunSUNQ
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-11619 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
path traversal in Jooby Moderate
CVE-2020-7647 was published for io.jooby:jooby (Maven) May 13, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka High
CVE-2019-12399 was published for org.apache.kafka:kafka (Maven) May 12, 2020
Improper Validation of Certificate with Host Mismatch in Java-WebSocket High
CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) May 8, 2020
p-
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database