Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,983
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,367 advisories

Loading
Missing Authorization in Jenkins Moderate
CVE-2017-1000400 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1000192 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Input Validation in Apache Tomcat Moderate
CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Limited Authentication Bypass for Media Files Moderate
CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven) May 25, 2022
lkiesow
Incorrect Authorization in Undertow Moderate
CVE-2017-12196 was published for io.undertow:undertow-core (Maven) May 13, 2022
Inadequate Encryption Strength in Jenkins Moderate
CVE-2017-2598 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in Elasticsearch Moderate
CVE-2018-17247 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-2609 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver Moderate
CVE-2018-1002200 was published for org.codehaus.plexus:plexus-archiver (Maven) May 13, 2022
Insecure Default Initialization of Resource in Pivotal Spring Web Flow Moderate
CVE-2017-4971 was published for org.springframework.webflow:spring-webflow (Maven) May 13, 2022
Improper Authorization in Jenkins Moderate
CVE-2018-1000408 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999047 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java Moderate
CVE-2017-3586 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Loop with Unreachable Exit Condition in Apache PDFBox Moderate
CVE-2018-8036 was published for org.apache.pdfbox:pdfbox (Maven) May 13, 2022
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in Apache uimaj Moderate
CVE-2017-15691 was published for org.apache.uima:uimafit-core (Maven) May 14, 2022
TwitterServer Cross-site Scripting via /histograms endpoint Moderate
CVE-2020-35774 was published for com.twitter:twitter-server_2.12 (Maven) Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Undertow Moderate
CVE-2018-14642 was published for io.undertow:undertow-core (Maven) May 13, 2022
Uncontrolled memory consumption Moderate
CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) Jun 15, 2021
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Apache Geronimo console 1.0 vulnerable to cross-site scripting Moderate
CVE-2006-0254 was published for geronimo:geronimo-console-standard (Maven) May 1, 2022
westonsteimel
Improper Input Validation in Apache Tomcat Moderate
CVE-2014-0033 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Input Validation in libpam4j Moderate
CVE-2017-12197 was published for org.kohsuke:libpam4j (Maven) May 13, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins Moderate
CVE-2017-2607 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL Moderate
CVE-2014-3604 was published for ca.juliusdavies:not-yet-commons-ssl (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API