GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,367 advisories

Improper Limitation of a Pathname to a Restricted Directory in zt-zip Moderate
CVE-2018-1002201 was published for org.zeroturnaround:zt-zip (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1000169 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Access Control in Apache Derby Moderate
CVE-2018-1313 was published for org.apache.derby:derby (Maven) May 13, 2022
Integer Overflow or Wraparound in JBCrypt Moderate
CVE-2015-0886 was published for org.mindrot:jbcrypt (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java Moderate
CVE-2014-3603 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Moderate
CVE-2016-5001 was published for org.apache.hadoop:hadoop-common (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch Moderate
CVE-2016-5725 was published for com.jcraft:jsch (Maven) May 13, 2022
Missing XML Validation in Apache CXF Moderate
CVE-2013-2160 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) Moderate
CVE-2008-1285 was published for com.sun.faces:jsf-api (Maven) May 1, 2022
Mortbay Jetty vulnerable to Cross-site scripting Moderate
CVE-2007-5613 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Improper Restriction of Recursive Entity References in DTDs in Apache POI Moderate
CVE-2017-5644 was published for org.apache.poi:poi (Maven) May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache Sling Moderate
CVE-2015-2944 was published for org.apache.sling:org.apache.sling.api (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2017-2599 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Observable Discrepancy in BouncyCastle Moderate
CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow Moderate
CVE-2018-1067 was published for org.jboss.eap:wildfly-undertow (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch Moderate
CVE-2015-5531 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Cross-site Scripting in JavaMelody Moderate
CVE-2018-12432 was published for net.bull.javamelody:javamelody-core (Maven) May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Axis2 Moderate
CVE-2010-2103 was published for org.apache.axis2.wso2:axis2 (Maven) May 14, 2022
Server-Side Request Forgery in Jenkins Git Plugin Moderate
CVE-2018-1000182 was published for org.jenkins-ci.plugins:git (Maven) May 14, 2022
Improper Validation of Integrity Check Value in Bouncy Castle Moderate
CVE-2018-5382 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
Improper Input Validation in Apache Tomcat Moderate
CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Loop with Unreachable Exit Condition in Apache POI Moderate
CVE-2014-9527 was published for org.apache.poi:poi (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Script Security Plugin Moderate
CVE-2017-1000505 was published for org.jenkins-ci.plugins:script-security (Maven) May 14, 2022
Missing Authorization in Jenkins Moderate
CVE-2017-1000400 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API