GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
High
CVE-2016-4977
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 18, 2018
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
High
CVE-2020-36320
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Unsafe deserialization in com.alibaba:fastjson
High
CVE-2022-25845
was published
for
com.alibaba:fastjson
(Maven)
Jun 11, 2022
Denial of Service in Apache James
High
CVE-2021-40110
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Security Constraint Bypass in Spring Security
High
CVE-2016-9879
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
Improper Restriction of XML External Entity Reference
High
CVE-2020-13692
was published
for
org.postgresql:postgresql
(Maven)
Feb 10, 2022
Improper Restriction of XML External Entity Reference in bedework:bw-webdav
High
CVE-2018-20000
was published
for
org.bedework:bw-webdav
(Maven)
Dec 19, 2018
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
Arbitrary code execution in Apache Commons BeanUtils
High
CVE-2014-0114
was published
for
commons-beanutils:commons-beanutils
(Maven)
Jun 10, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-5245
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Feb 24, 2020
Denial of Service in Spring Framework
High
CVE-2018-15756
was published
for
org.springframework:spring-core
(Maven)
Jun 15, 2020
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API