GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
176 advisories
Filter by severity
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Moderate
CVE-2024-46979
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
CVE-2023-28857
was published
for
org.apereo.cas:cas-server-support-x509-core
(Maven)
Aug 5, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Moderate
CVE-2024-23321
was published
for
org.apache.rocketmq:rocketmq-all
(Maven)
Jul 22, 2024
GeoServer's Server Status shows sensitive environmental variables and Java properties
Moderate
CVE-2024-34696
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Moderate
CVE-2024-23445
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 12, 2024
BoringSSLAEADContext in Netty Repeats Nonces
Moderate
CVE-2024-36121
was published
for
io.netty.incubator:netty-incubator-codec-ohttp
(Maven)
Jun 5, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Moderate
CVE-2024-31464
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate
CVE-2024-23944
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 15, 2024
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Moderate
CVE-2023-50298
was published
for
org.apache.solr:solr-solrj
(Maven)
Feb 9, 2024
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
Moderate
CVE-2024-23901
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Apache Solr allows read access to host environmet variables
Moderate
CVE-2023-50290
was published
for
org.apache.solr:solr-core
(Maven)
Jan 15, 2024
Solr search discloses email addresses of users
Moderate
CVE-2023-50720
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
Displayed in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50773
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
Moderate
CVE-2023-6393
was published
for
io.quarkus:quarkus-cache
(Maven)
Dec 6, 2023
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-49068
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Nov 27, 2023
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-4061
was published
for
org.wildfly.core:wildfly-controller
(Maven)
Nov 8, 2023
Jenkins Warnings Plugin exposures system-scoped credentials
Moderate
CVE-2023-46651
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
Moderate
CVE-2023-40348
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Aug 16, 2023
Credential leakage in Jenkins Plug-in for ServiceNow
Moderate
CVE-2023-3414
was published
for
io.jenkins.plugins:servicenow-devops
(Maven)
Jul 26, 2023
Apache MINA SSHD information disclosure vulnerability
Moderate
CVE-2023-35887
was published
for
org.apache.sshd:sshd-common
(Maven)
Jul 10, 2023
Vaadin vulnerable to possible information disclosure in non visible components.
Moderate
CVE-2023-25499
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
XWiki Platform's tags on non-viewable pages can be revealed to users
Moderate
CVE-2023-34466
was published
for
org.xwiki.platform:xwiki-platform-tag-api
(Maven)
Jun 20, 2023
ProTip!
Advisories are also available from the
GraphQL API