GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

103 advisories

Jenkins Cross-site Scripting vulnerability Moderate
CVE-2014-3681 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Input Validation in Bouncy Castle Moderate
CVE-2013-1624 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 14, 2022
Cross-Site Request Forgery in Apache Struts Moderate
CVE-2014-7809 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Cross-site scripting in Elasticsearch Moderate
CVE-2014-6439 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Apache Syncope uses a weak PRNG Moderate
CVE-2014-3503 was published for org.apache.syncope:syncope (Maven) May 14, 2022
Improper Neutralization of Input During Web Page Generation in JAMon Moderate
CVE-2013-6235 was published for com.jamonapi:jamon (Maven) May 14, 2022
Improper Neutralization of Input During Web Page Generation in Mojarra Moderate
CVE-2013-5855 was published for org.glassfish:javax.faces (Maven) May 14, 2022
Improper Certificate Validation in vt-ldap Moderate
CVE-2014-3607 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL Moderate
CVE-2014-3604 was published for ca.juliusdavies:not-yet-commons-ssl (Maven) May 14, 2022
JBoss RichFaces Improper Input Validation vulnerability Moderate
CVE-2014-0086 was published for org.richfaces:richfaces (Maven) May 17, 2022
Denial of service in Apache Tomcat Moderate
CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 17, 2022
Jenkins secure flag not set on session cookies Moderate
CVE-2014-9634 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins HttpOnly flag not Set for session cookies Moderate
CVE-2014-9635 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Path Traversal vulnerability Moderate
CVE-2014-3664 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Improper Input Validation in Apache POI Moderate
CVE-2014-3574 was published for org.apache.poi:poi (Maven) May 17, 2022
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability Moderate
CVE-2014-2067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins directory traversal vulnerability Moderate
CVE-2014-2059 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2012-0818 was published for org.jboss.resteasy:resteasy-client (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2011-5245 was published for org.jboss.resteasy:resteasy-jaxb-provider (Maven) May 17, 2022
Improper Authentication in Apache Hadoop Moderate
CVE-2014-0229 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Loop with Unreachable Exit Condition in Apache POI Moderate
CVE-2014-9527 was published for org.apache.poi:poi (Maven) May 17, 2022
Path Traversal in Eclipse Mojarra Moderate
CVE-2013-3827 was published for org.glassfish:javax.faces (Maven) May 17, 2022
Improper Input Validation in Apache ActiveMQ Moderate
CVE-2015-6524 was published for org.apache.activemq:activemq-broker (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting Moderate
CVE-2014-5325 was published for org.directwebremoting:dwr (Maven) May 17, 2022