GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,983
Erlang: 29
GitHub Actions: 16
Go: 1,769
Maven: 4,994
npm: 3,540
NuGet: 616
pip: 3,113
Pub: 10
RubyGems: 838
Rust: 787
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
2,367 advisories
Missing Authorization in Jenkins (Moderate): CVE-2017-1000400 was published for org.jenkins-ci.main:jenkins-core (Maven), May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins (Moderate): CVE-2018-1000192 was published for org.jenkins-ci.main:jenkins-core (Maven), May 13, 2022
Improper Input Validation in Apache Tomcat (Moderate): CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022
Limited Authentication Bypass for Media Files (Moderate): CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven), May 25, 2022
Incorrect Authorization in Undertow (Moderate): CVE-2017-12196 was published for io.undertow:undertow-core (Maven), May 13, 2022
Inadequate Encryption Strength in Jenkins (Moderate): CVE-2017-2598 was published for org.jenkins-ci.main:jenkins-core (Maven), May 13, 2022
Improper Restriction of XML External Entity Reference in Elasticsearch (Moderate): CVE-2018-17247 was published for org.elasticsearch:elasticsearch (Maven), May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins (Moderate): CVE-2017-2609 was published for org.jenkins-ci.main:jenkins-core (Maven), May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver (Moderate): CVE-2018-1002200 was published for org.codehaus.plexus:plexus-archiver (Maven), May 13, 2022
Insecure Default Initialization of Resource in Pivotal Spring Web Flow (Moderate): CVE-2017-4971 was published for org.springframework.webflow:spring-webflow (Maven), May 13, 2022
Improper Authorization in Jenkins (Moderate): CVE-2018-1000408 was published for org.jenkins-ci.main:jenkins-core (Maven), May 13, 2022
Incorrect Authorization in Jenkins (Moderate): CVE-2018-1999047 was published for org.jenkins-ci.main:jenkins-core (Maven), May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java (Moderate): CVE-2017-3586 was published for mysql:mysql-connector-java (Maven), May 13, 2022
Loop with Unreachable Exit Condition in Apache PDFBox (Moderate): CVE-2018-8036 was published for org.apache.pdfbox:pdfbox (Maven), May 13, 2022
Improper Certificate Validation in OkHttp (Moderate): CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven), May 13, 2022
Improper Restriction of XML External Entity Reference in Apache uimaj (Moderate): CVE-2017-15691 was published for org.apache.uima:uimafit-core (Maven), May 14, 2022
TwitterServer Cross-site Scripting via /histograms endpoint (Moderate): CVE-2020-35774 was published for com.twitter:twitter-server_2.12 (Maven), Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Undertow (Moderate): CVE-2018-14642 was published for io.undertow:undertow-core (Maven), May 13, 2022
Uncontrolled memory consumption (Moderate): CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven), Jun 15, 2021
XStream can cause a Denial of Service (Moderate): CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven), Aug 25, 2021
Apache Geronimo console 1.0 vulnerable to cross-site scripting (Moderate): CVE-2006-0254 was published for geronimo:geronimo-console-standard (Maven), May 1, 2022
Improper Input Validation in Apache Tomcat (Moderate): CVE-2014-0033 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022
Improper Input Validation in libpam4j (Moderate): CVE-2017-12197 was published for org.kohsuke:libpam4j (Maven), May 13, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins (Moderate): CVE-2017-2607 was published for org.jenkins-ci.main:jenkins-core (Maven), May 13, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL (Moderate): CVE-2014-3604 was published for ca.juliusdavies:not-yet-commons-ssl (Maven), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.