Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Improper Neutralization of Input During Web Page Generation in Spring Framework Moderate
CVE-2013-6430 was published for org.springframework:spring-web (Maven) May 5, 2022
sunSUNQ SunBK201
Loop with Unreachable Exit Condition in Apache CXF Moderate
CVE-2014-3584 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
sunSUNQ SunBK201
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
Improper Authentication in Apache ActiveMQ Moderate
CVE-2013-3060 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
sunSUNQ
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux Moderate
CVE-2020-5397 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ Moderate
CVE-2014-8110 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Improper Neutralization of Input During Web Page Generation in Jenkins Moderate
CVE-2015-7536 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins Cross-site Scripting vulnerability Moderate
CVE-2015-1812 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework Moderate
CVE-2014-3578 was published for org.springframework:spring-core (Maven) May 14, 2022
sunSUNQ
Denial of Service in org.springframework:spring-core Moderate
CVE-2018-1257 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core Moderate
CVE-2018-1199 was published for org.springframework.security:spring-security-core (Maven) Oct 17, 2018
sunSUNQ
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler Moderate
CVE-2010-1587 was published for org.apache.activemq:activemq-web-console (Maven) May 14, 2022
sunSUNQ
Pivotal Spring Framework DoS Attack with XML Input Moderate
CVE-2015-3192 was published for org.springframework:spring-web (Maven) Oct 17, 2018
sunSUNQ
Deserialization of Untrusted Data in FasterXML jackson-databind Moderate
CVE-2019-12384 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 5, 2019
sunSUNQ
Deserialization of untrusted data in FasterXML jackson-databind Moderate
CVE-2019-12814 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 17, 2019
sunSUNQ
Apache ActiveMQ default configuration subject to denial of service Moderate
CVE-2012-6551 was published for org.apache.activemq:activemq-web-demo (Maven) May 17, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ Moderate
CVE-2016-0734 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ Moderate
CVE-2016-0782 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation Apache ActiveMQ Moderate
CVE-2016-6810 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Apache ActiveMQ web console vulnerable to Cross-site Scripting Moderate
CVE-2018-8006 was published for org.apache.activemq:activemq-web-console (Maven) Oct 30, 2018
sunSUNQ
Improper Authentication in Apache ActiveMQ Moderate
CVE-2020-13920 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Cross-site scripting (XSS) in Apache ActiveMQ Moderate
CVE-2020-13947 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Apache ActiveMQ webconsole admin GUI is open to XSS Moderate
CVE-2020-1941 was published for org.apache.activemq:activemq-web-console (Maven) May 21, 2020
sunSUNQ
Improper Control of Generation of Code ('Code Injection') in Spring Framework Moderate
CVE-2010-1622 was published for org.springframework:spring (Maven) May 17, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API