GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
349 advisories
Filter by severity
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
Critical
CVE-2017-12634
was published
for
org.apache.camel:camel-castor
(Maven)
Oct 16, 2018
Improper Control of Generation of Code in Apache Camel
Moderate
CVE-2013-4330
was published
for
org.apache.camel:camel-core
(Maven)
May 13, 2022
Apache Camel's XSLT component allows remote attackers to read arbitrary files
High
CVE-2014-0002
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
High
CVE-2014-0003
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel XML External Entity vulnerability
Moderate
CVE-2015-0263
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
Moderate
CVE-2015-0264
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
High
CVE-2017-5643
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
Critical
CVE-2015-5344
was published
for
org.apache.camel:camel-xstream
(Maven)
Oct 16, 2018
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Critical
CVE-2017-3159
was published
for
org.apache.camel:camel-snakeyaml
(Maven)
Oct 16, 2018
Apache Camel can allow remote attackers to execute arbitrary commands
High
CVE-2015-5348
was published
for
org.apache.camel:camel-ahc
(Maven)
Oct 16, 2018
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
Critical
CVE-2016-8749
was published
for
org.apache.camel:camel-jackson
(Maven)
Oct 16, 2018
Denial of Service in Apache ActiveMQ
Moderate
CVE-2011-4905
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Moderate
CVE-2013-1879
was published
for
org.apache.activemq:activemq-client
(Maven)
May 17, 2022
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
Moderate
CVE-2013-1880
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
High
CVE-2014-3576
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Critical
CVE-2014-3600
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Improper Input Validation in Apache ActiveMQ
Moderate
CVE-2015-6524
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 17, 2022
Improper Authentication in Apache WSS4J
High
CVE-2014-3612
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ
Moderate
CVE-2015-1830
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2015-5254
was published
for
org.apache.activemq:activemq-client
(Maven)
May 13, 2022
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Low
CVE-2017-15709
was published
for
org.apache.activemq:activemq-openwire-generator
(Maven)
May 13, 2022
Improper Certificate Validation in Apache activemq-client
High
CVE-2018-11775
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 19, 2018
Apache is vulnerable to XXE in XSD validation processor
Critical
CVE-2018-8027
was published
for
org.apache.camel:camel-core
(Maven)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API