GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2014-3599
was published
for
org.hornetq.rest:hornetq-rest
(Maven)
May 24, 2022
Passwords stored in plain text by ElasTest Plugin
Moderate
CVE-2020-2274
was published
for
org.jenkins-ci.plugins:elastest
(Maven)
May 24, 2022
JBoss KeyCloak Open Redirect
Moderate
CVE-2014-3652
was published
for
org.keycloak:keycloak-services
(Maven)
May 17, 2022
JBoss KeyCloak Cross-site Scripting Vulnerability
Moderate
CVE-2014-3656
was published
for
org.keycloak:keycloak-core
(Maven)
May 17, 2022
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
Moderate
CVE-2014-3655
was published
for
org.keycloak:keycloak-services
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Moderate
CVE-2013-4112
was published
for
org.jgroups:jgroups
(Maven)
May 17, 2022
Apache Solr UpdateRequestHandler for XML resolves XML External Entities
Moderate
CVE-2013-6407
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
XML Injection in Apache Solr
Moderate
CVE-2013-6408
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Cross-Site Request Forgery in Jolokia
Moderate
CVE-2014-0168
was published
for
org.jolokia:jolokia-core
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Direct Web Remoting
Moderate
CVE-2014-5326
was published
for
org.directwebremoting:dwr
(Maven)
May 17, 2022
Improper Link Resolution Before File Access in Apache Hadoop
Moderate
CVE-2014-3627
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr
Moderate
CVE-2014-3628
was published
for
org.apache.solr:solr
(Maven)
May 17, 2022
Improper Control of Generation of Code in HawtJNI
Moderate
CVE-2013-2035
was published
for
org.fusesource.hawtjni:hawtjni-runtime
(Maven)
May 17, 2022
Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
Moderate
CVE-2014-7816
was published
for
io.undertow:undertow-core
(Maven)
May 17, 2022
XML External Entity Reference in RESTEasy
Moderate
CVE-2014-7839
was published
for
org.jboss.resteasy:resteasy-jaxrs
(Maven)
May 17, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Moderate
CVE-2013-6397
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Jenkins allows attackers to execute arbitrary jobs
Moderate
CVE-2014-2058
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to configure restricted projects
Moderate
CVE-2013-7330
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins does not invalidate the API token when a user is deleted
Moderate
CVE-2014-2062
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkin allows attackers to obtain passwords by reading the HTML source code
Moderate
CVE-2014-2061
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to determine whether a user exists
Moderate
CVE-2014-2064
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Denial of Service vulnerability
Moderate
CVE-2014-3661
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-2065
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins session fixation vulnerability
Moderate
CVE-2014-2066
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3662
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API