GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
5,183 advisories
Filter by severity
Command injection in org.apache.tika:tika-core
High
CVE-2018-1335
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
High
CVE-2018-11796
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Moderate
CVE-2015-5262
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Improper certificate validation in org.apache.httpcomponents:httpclient
High
CVE-2012-6153
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate
CVE-2014-3577
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Moderate
CVE-2014-1868
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider
High
CVE-2017-14868
was published
for
org.restlet.jse:org.restlet.ext.jaxrs
(Maven)
Oct 17, 2018
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
High
CVE-2017-14949
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Junrar vulnerable to Infinite Loop
Moderate
CVE-2018-12418
was published
for
com.github.junrar:junrar
(Maven)
Oct 17, 2018
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
High
CVE-2014-0003
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's XSLT component allows remote attackers to read arbitrary files
High
CVE-2014-0002
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
High
CVE-2017-5643
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
Critical
CVE-2016-8749
was published
for
org.apache.camel:camel-jackson
(Maven)
Oct 16, 2018
Apache Camel can allow remote attackers to execute arbitrary commands
High
CVE-2015-5348
was published
for
org.apache.camel:camel-ahc
(Maven)
Oct 16, 2018
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
Critical
CVE-2015-5344
was published
for
org.apache.camel:camel-xstream
(Maven)
Oct 16, 2018
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
Moderate
CVE-2015-0264
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel XML External Entity vulnerability
Moderate
CVE-2015-0263
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Apache is vulnerable to XXE in XSD validation processor
Critical
CVE-2018-8027
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
Critical
CVE-2017-12634
was published
for
org.apache.camel:camel-castor
(Maven)
Oct 16, 2018
Code execution via deserialization in org.apache.ignite:ignite-core
Critical
CVE-2018-8018
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Critical
CVE-2018-1295
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate
CVE-2016-6805
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects apache axis
Moderate
CVE-2018-8032
was published
for
axis:axis
(Maven)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API