GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,366 advisories
Filter by severity
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Moderate
CVE-2015-5531
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Cross-site Scripting in JavaMelody
Moderate
CVE-2018-12432
was published
for
net.bull.javamelody:javamelody-core
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Moderate
CVE-2010-2103
was published
for
org.apache.axis2.wso2:axis2
(Maven)
May 14, 2022
Server-Side Request Forgery in Jenkins Git Plugin
Moderate
CVE-2018-1000182
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 14, 2022
Improper Validation of Integrity Check Value in Bouncy Castle
Moderate
CVE-2018-5382
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Moderate
CVE-2016-5001
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Moderate
CVE-2016-5725
was published
for
com.jcraft:jsch
(Maven)
May 13, 2022
Missing XML Validation in Apache CXF
Moderate
CVE-2013-2160
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 13, 2022
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Moderate
CVE-2008-1285
was published
for
com.sun.faces:jsf-api
(Maven)
May 1, 2022
Mortbay Jetty vulnerable to Cross-site scripting
Moderate
CVE-2007-5613
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Integer Overflow or Wraparound in JBCrypt
Moderate
CVE-2015-0886
was published
for
org.mindrot:jbcrypt
(Maven)
May 13, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2013-2067
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
Moderate
CVE-2014-3603
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Moderate
CVE-2018-1000169
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Access Control in Apache Derby
Moderate
CVE-2018-1313
was published
for
org.apache.derby:derby
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2017-2613
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authentication in Apache Kafka
Moderate
CVE-2017-12610
was published
for
org.apache.kafka:kafka-clients
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate
CVE-2018-17244
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in zt-zip
Moderate
CVE-2018-1002201
was published
for
org.zeroturnaround:zt-zip
(Maven)
May 13, 2022
Improper Restriction of XML External Entity Reference in Castor
Moderate
CVE-2014-3004
was published
for
org.codehaus.castor:castor
(Maven)
May 13, 2022
Improper Neutralization of Input During Web Page Generation in Apache Hadoop
Moderate
CVE-2017-3161
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 13, 2022
Injection in Jenkins
Moderate
CVE-2018-1000193
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Server-Side Request Forgery in Jenkins
Moderate
CVE-2018-1000067
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Cross-Site Request Forgery in Jenkins
Moderate
CVE-2018-1000195
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Input Validation in Mortbay Jetty
Moderate
CVE-2006-2759
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API