GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
65 advisories
hornetq vulnerable to file overwrite, sensitive information disclosure
High. CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven), Nov 4, 2024

Apache Pinot: Unauthorized endpoint exposed sensitive information
High. CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven), Jul 24, 2024

Keycloak's admin API allows low privilege users to use administrative functions
High. CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven), Jun 11, 2024

Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High. CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven), Jun 10, 2024

Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High. GHSA-4vrx-8phj-x3mg was published for org.keycloak:keycloak-services (Maven), Jun 3, 2024 (withdrawn)

Liferay Portal vulnerable to user impersonation
High. CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven), Feb 8, 2024

Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High. CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven), Feb 7, 2024

Solr search discloses password hashes of all users
High. CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven), Dec 16, 2023

Apache DolphinScheduler sensitive information disclosure
High. CVE-2023-48796 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven), Nov 24, 2023

Quarkus OIDC can leak both ID and access tokens
High. CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven), Oct 4, 2023

Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
High. CVE-2023-29517 was published for org.xwiki.platform:xwiki-platform-office-viewer (Maven), Apr 20, 2023

XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
High. CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven), Mar 3, 2023

Apache CXF vulnerable to Exposure of Sensitive Information
High. CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven), Dec 13, 2022

Password exposure in H2 Database
High. CVE-2022-45868 was published for com.h2database:h2 (Maven), Nov 23, 2022

Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High. CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven), Nov 15, 2022

ZK Framework vulnerable to malicious POST
High. CVE-2022-36537 was published for org.zkoss.zk:zk (Maven), Aug 27, 2022

xxl-job sensitive data exposure
High. CVE-2020-23811 was published for com.xuxueli:xxl-job (Maven), May 24, 2022

Improper Input Validation in Undertow
High. CVE-2020-1757 was published for io.undertow:undertow-core (Maven), May 24, 2022

Exposure of Sensitive Information in Apache Storm Logviewer
High. CVE-2019-0202 was published for org.apache.storm:storm-core (Maven), May 24, 2022

Apache Geode information disclosure vulnerability
High. CVE-2017-5649 was published for org.apache.geode:geode-core (Maven), May 17, 2022

Apache OpenMeetings displays Tomcat version and detailed error stack trace
High. CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven), May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
High. CVE-2016-8741 was published for org.apache.qpid:qpid-broker (Maven), May 17, 2022

The Undertow module of WildFly allows source code disclosure
High. CVE-2015-3198 was published for org.wildfly:wildfly-parent (Maven), May 17, 2022

Apache Atlas produces Stack trace in error response
High. CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven), May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
High. CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven), May 17, 2022