Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,413
Erlang
28
GitHub Actions
16
Go
1,651
Maven
4,914
npm
3,437
NuGet
594
pip
2,778
Pub
10
RubyGems
822
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application... Moderate Unreviewed
CVE-2011-4575 was published May 17, 2022
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss... Moderate Unreviewed
CVE-2011-2908 was published May 17, 2022
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise... Moderate Unreviewed
CVE-2012-0874 was published May 17, 2022
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before... Low Unreviewed
CVE-2012-2377 was published May 17, 2022
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web... Moderate Unreviewed
CVE-2012-3369 was published May 17, 2022
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP)... Moderate Unreviewed
CVE-2012-3370 was published May 17, 2022
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web... Moderate Unreviewed
CVE-2012-5478 was published May 17, 2022
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss... Moderate Unreviewed
CVE-2011-1096 was published May 13, 2022
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows... High Unreviewed
CVE-2013-2555 was published May 13, 2022
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core... Moderate Unreviewed
CVE-2013-0197 was published May 5, 2022
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0,... Low Unreviewed
CVE-2012-0034 was published May 4, 2022
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments,... Low Unreviewed
CVE-2009-5066 was published May 2, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Moderate
CVE-2011-2487 was published for org.apache.ws.security:wss4j (Maven) Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API