GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,983
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,367 advisories
Filter by severity
Improper Limitation of a Pathname to a Restricted Directory in zt-zip
Moderate
CVE-2018-1002201
was published
for
org.zeroturnaround:zt-zip
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Moderate
CVE-2018-1000169
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Access Control in Apache Derby
Moderate
CVE-2018-1313
was published
for
org.apache.derby:derby
(Maven)
May 13, 2022
Integer Overflow or Wraparound in JBCrypt
Moderate
CVE-2015-0886
was published
for
org.mindrot:jbcrypt
(Maven)
May 13, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2013-2067
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
Moderate
CVE-2014-3603
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Moderate
CVE-2016-5001
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Moderate
CVE-2016-5725
was published
for
com.jcraft:jsch
(Maven)
May 13, 2022
Missing XML Validation in Apache CXF
Moderate
CVE-2013-2160
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Moderate
CVE-2008-1285
was published
for
com.sun.faces:jsf-api
(Maven)
May 1, 2022
Mortbay Jetty vulnerable to Cross-site scripting
Moderate
CVE-2007-5613
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Improper Restriction of Recursive Entity References in DTDs in Apache POI
Moderate
CVE-2017-5644
was published
for
org.apache.poi:poi
(Maven)
May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache Sling
Moderate
CVE-2015-2944
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2017-2599
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Observable Discrepancy in BouncyCastle
Moderate
CVE-2017-13098
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
Moderate
CVE-2018-1067
was published
for
org.jboss.eap:wildfly-undertow
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Moderate
CVE-2015-5531
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Cross-site Scripting in JavaMelody
Moderate
CVE-2018-12432
was published
for
net.bull.javamelody:javamelody-core
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Moderate
CVE-2010-2103
was published
for
org.apache.axis2.wso2:axis2
(Maven)
May 14, 2022
Server-Side Request Forgery in Jenkins Git Plugin
Moderate
CVE-2018-1000182
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 14, 2022
Improper Validation of Integrity Check Value in Bouncy Castle
Moderate
CVE-2018-5382
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
Improper Input Validation in Apache Tomcat
Moderate
CVE-2011-4858
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Loop with Unreachable Exit Condition in Apache POI
Moderate
CVE-2014-9527
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
Moderate
CVE-2017-1000505
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 14, 2022
Missing Authorization in Jenkins
Moderate
CVE-2017-1000400
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API