GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,398 advisories
Advisory | Severity | ID | Package (ecosystem) | Published
Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | Moderate | GHSA-jqj4-r483-4gvr | com.vaadin:vaadin-bom (Maven) | Apr 19, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java | Moderate | GHSA-55xh-53m6-936r | com.amazonaws:aws-encryption-sdk-java (Maven) | Jun 1, 2021
Generation of Error Message Containing Sensitive Information in RESTEasy client | Moderate | CVE-2020-25633 | org.jboss.resteasy:resteasy-client (Maven) | Jun 3, 2021
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 | Moderate | GHSA-c57f-4vp2-jqhm | com.vaadin:flow-server (Maven) | May 6, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | Moderate | GHSA-9h6g-6mxg-vvp4 | com.vaadin:vaadin-bom (Maven) | Apr 19, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 | Moderate | GHSA-hw7r-qrhp-5pff | com.vaadin:vaadin-bom (Maven) | Aug 30, 2021
Denial of service in DataCommunicator class in Vaadin 8 | Moderate | GHSA-j23j-q57m-63v3 | com.vaadin:vaadin-server (Maven) | Oct 13, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 | Moderate | GHSA-fr26-qjc8-mvjx | com.vaadin:flow-server (Maven) | Oct 13, 2021
Vulnerable dependency in XTDB connector | Moderate | GHSA-hwvm-vfw8-93mw | org.odpi.egeria:egeria-connector-xtdb (Maven) | Dec 16, 2021
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown | Moderate | GHSA-755v-r4x4-qf7m | org.keycloak:keycloak-core (Maven) | Nov 29, 2022
Apiman Manager API affected by Jackson denial of service vulnerability | Moderate | GHSA-q95j-488q-5q3p | io.apiman:apiman-manager-api-impl (Maven) | Jan 9, 2023
Jinjava calls getClass | Moderate | CVE-2018-18893 | com.hubspot.jinjava:jinjava (Maven) | Jan 4, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | Moderate | CVE-2018-1334 | org.apache.spark:spark-core_2.10 (Maven) | Mar 14, 2019
Uncontrolled Resource Consumption in Spray JSON | Moderate | CVE-2018-18855 | io.spray:spray-json (Maven) | Jun 28, 2022
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency | Moderate | GHSA-fjh6-p566-wr6q | io.github.skylot:jadx-core (Maven) | Jul 21, 2022
Junrar vulnerable to Infinite Loop | Moderate | CVE-2018-12418 | com.github.junrar:junrar (Maven) | Oct 17, 2018
Injection in DeltaSpike | Moderate | CVE-2019-12416 | org.apache.deltaspike:deltaspike (Maven) | Feb 10, 2022
Java Merge-sort Insecure Temporary File vulnerability | Moderate | CVE-2022-24913 | com.fasterxml.util:java-merge-sort (Maven) | Jan 12, 2023
cookiejar Regular Expression Denial of Service via Cookie.parse function | Moderate | CVE-2022-25901 | cookiejar (Maven) | Jan 18, 2023
Keycloak has lack of validation of access token on client registrations endpoint | Moderate | CVE-2023-0091 | org.keycloak:keycloak-core (Maven) | Jan 12, 2023
XSS in MITREid Connect | Moderate | CVE-2020-5497 | org.mitre:openid-connect-server (Maven) | Apr 1, 2020
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin | Moderate | CVE-2023-24437 | org.jenkins-ci.plugins:jira-steps (Maven) | Jan 26, 2023
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java | Moderate | CVE-2022-21363 | mysql:mysql-connector-java (Maven) | Jan 20, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials | Moderate | CVE-2022-25212 | org.continuousassurance.swamp.jenkins:swamp (Maven) | Feb 16, 2022
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials | Moderate | CVE-2022-25211 | org.continuousassurance.swamp.jenkins:swamp (Maven) | Feb 16, 2022