GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.
63 advisories
Apache Atlas produces Stack trace in error response (High): CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) on May 17, 2022.
Apache Sling Authentication Service vulnerability (High): CVE-2017-15700 was published for org.apache.sling:org.apache.sling.auth.core (Maven) on May 14, 2022.
Apache Pinot: Unauthorized endpoint exposed sensitive information (High): CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) on Jul 24, 2024.
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) (High): CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) on Jun 10, 2024.
Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) (High): GHSA-4vrx-8phj-x3mg was published for org.keycloak:keycloak-services (Maven) on Jun 3, 2024; withdrawn.
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability (High): CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) on Feb 7, 2024.
Password exposure in H2 Database (High): CVE-2022-45868 was published for com.h2database:h2 (Maven) on Nov 23, 2022.
Quarkus OIDC can leak both ID and access tokens (High): CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven) on Oct 4, 2023.
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat (High): CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) on Feb 9, 2022.
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat (High): CVE-2017-5647 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request (High): CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.
Cloud Foundry UAA SessionID present in Audit Event Logs (High): CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) on May 14, 2022.
Liferay Portal vulnerable to user impersonation (High): CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) on Feb 8, 2024.
Apache Tomcat Source Code Disclosure (High): CVE-2002-1394 was published for org.apache.tomcat:tomcat (Maven) on Apr 30, 2022.
Apache MyFaces Vulnerable to EL Injection (High): CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) on May 17, 2022.
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks (High): CVE-2018-1999028 was published for org.jenkins-ci.plugins:accurev (Maven) on May 13, 2022.
Solr search discloses password hashes of all users (High): CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) on Dec 16, 2023.
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins (High): CVE-2018-1000410 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022.
Exposure of Sensitive Information in Jenkins Kubernetes Plugin (High): CVE-2018-1999040 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) on May 13, 2022.
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials (High): CVE-2018-1000600 was published for com.coravy.hudson.plugins.github:github (Maven) on May 13, 2022.
CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials (High): CVE-2018-1000603 was published for org.jenkins-ci.plugins:openstack-cloud (Maven) on May 13, 2022.
Opencast publishes global system account credentials (High): CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) on Dec 14, 2021.
Apache DolphinScheduler sensitive information disclosure (High): CVE-2023-48796 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Nov 24, 2023.
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer (High): CVE-2023-29517 was published for org.xwiki.platform:xwiki-platform-office-viewer (Maven) on Apr 20, 2023.
Apache Tomcat allows remote attackers to read JSP source files (High): CVE-2005-4836 was published for org.apache.tomcat:tomcat (Maven) on May 1, 2022.
ProTip! Advisories are also available from the GraphQL API.