GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,362 advisories

Directory traversal in development mode handler in Vaadin 14 and 15-17 Moderate
GHSA-82mf-mmh7-hxp5 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-55xh-53m6-936r was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jun 1, 2021
Generation of Error Message Containing Sensitive Information in RESTEasy client Moderate
CVE-2020-25633 was published for org.jboss.resteasy:resteasy-client (Maven) Jun 3, 2021
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 Moderate
GHSA-c57f-4vp2-jqhm was published for com.vaadin:flow-server (Maven) May 6, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
GHSA-9h6g-6mxg-vvp4 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 Moderate
GHSA-hw7r-qrhp-5pff was published for com.vaadin:vaadin-bom (Maven) Aug 30, 2021
Denial of service in DataCommunicator class in Vaadin 8 Moderate
GHSA-j23j-q57m-63v3 was published for com.vaadin:vaadin-server (Maven) Oct 13, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 Moderate
GHSA-fr26-qjc8-mvjx was published for com.vaadin:flow-server (Maven) Oct 13, 2021
Vulnerable dependency in XTDB connector Moderate
GHSA-hwvm-vfw8-93mw was published for org.odpi.egeria:egeria-connector-xtdb (Maven) Dec 16, 2021
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown Moderate
GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022
Apiman Manager API affected by Jackson denial of service vulnerability Moderate
GHSA-q95j-488q-5q3p was published for io.apiman:apiman-manager-api-impl (Maven) Jan 9, 2023
Jinjava calls getClass Moderate
CVE-2018-18893 was published for com.hubspot.jinjava:jinjava (Maven) Jan 4, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Uncontrolled Resource Consumption in Spray JSON Moderate
CVE-2018-18855 was published for io.spray:spray-json (Maven) Jun 28, 2022
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency Moderate
GHSA-fjh6-p566-wr6q was published for io.github.skylot:jadx-core (Maven) Jul 21, 2022
Junrar vulnerable to Infinite Loop Moderate
CVE-2018-12418 was published for com.github.junrar:junrar (Maven) Oct 17, 2018
Injection in DeltaSpike Moderate
CVE-2019-12416 was published for org.apache.deltaspike:deltaspike (Maven) Feb 10, 2022
Java Merge-sort Insecure Temporary File vulnerability Moderate
CVE-2022-24913 was published for com.fasterxml.util:java-merge-sort (Maven) Jan 12, 2023
cookiejar Regular Expression Denial of Service via Cookie.parse function Moderate
CVE-2022-25901 was published for cookiejar (Maven) Jan 18, 2023
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
XSS in MITREid Connect Moderate
CVE-2020-5497 was published for org.mitre:openid-connect-server (Maven) Apr 1, 2020
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24437 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java Moderate
CVE-2022-21363 was published for mysql:mysql-connector-java (Maven) Jan 20, 2022
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25211 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022