GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,361 advisories
Filter by severity
Keycloak leaks sensitive information in logged exceptions
Moderate
CVE-2020-1698
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Cross-site Scripting in keycloak
Moderate
CVE-2020-10776
was published
for
org.keycloak:keycloak-server-spi-private
(Maven)
Feb 9, 2022
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Improper Input Validation in Jetty
Moderate
CVE-2011-4461
was published
for
org.eclipse.jetty:jetty-server
(Maven)
May 14, 2022
Path Traversal in Jenkins
Moderate
CVE-2018-1000406
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2024-3825
was published
for
com.blazemeter.plugins:BlazeMeterJenkinsPlugin
(Maven)
Apr 17, 2024
Improper Input Validation in Apache POI
Moderate
CVE-2014-3574
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Authentication in Hibernate Validator
Moderate
CVE-2014-3558
was published
for
org.hibernate:hibernate-validator
(Maven)
May 14, 2022
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2014-0227
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Netty denial of service vulnerability
Moderate
CVE-2014-0193
was published
for
io.netty:netty
(Maven)
May 13, 2022
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Moderate
CVE-2014-3577
was published
for
org.apache.httpcomponents:httpclient
(Maven)
Oct 17, 2018
Improper Input Validation in Apache Santuario XML Security
Moderate
CVE-2014-8152
was published
for
org.apache.santuario:xmlsec
(Maven)
May 13, 2022
Improper Input Validation in Apache Jackrabbit
Moderate
CVE-2015-1833
was published
for
org.apache.jackrabbit:jackrabbit-core
(Maven)
May 14, 2022
Path traversal in org.springframework.integration:spring-integration-zip
Moderate
CVE-2018-1261
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
Oct 18, 2018
spring-integration-zip Arbitrary File Write
Moderate
CVE-2018-1263
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
May 13, 2022
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Moderate
CVE-2017-12631
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
XWiki Platform CSRF in the job scheduler
Moderate
CVE-2024-31985
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Apr 10, 2024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Moderate
CVE-2024-31464
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
Withdrawn: JJWT improperly generates signing keys
Moderate
CVE-2024-31033
was published
for
io.jsonwebtoken:jjwt-impl
(Maven)
Apr 1, 2024
•
withdrawn
Bonita cross-site scripting vulnerability
Moderate
CVE-2024-27609
was published
for
org.bonitasoft.console:bonita-web-server
(Maven)
Apr 1, 2024
Elasticsearch Uncaught Exception leading to crash
Moderate
CVE-2024-23449
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 29, 2024
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
Improper Authentication in Apache ActiveMQ
Moderate
CVE-2013-3060
was published
for
org.apache.activemq:activemq-client
(Maven)
May 17, 2022
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
ProTip!
Advisories are also available from the
GraphQL API