GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
176 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.qpid:proton-j
Moderate
CVE-2016-2166
was published
for
org.apache.qpid:proton-j
(Maven)
Oct 16, 2018
Apache Tika Server exposes sensitive information
Moderate
CVE-2015-3271
was published
for
org.apache.tika:tika-server
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate
CVE-2015-7940
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.storm:storm-core
Moderate
CVE-2018-1332
was published
for
org.apache.storm:storm-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.mesos:mesos
Moderate
CVE-2018-8023
was published
for
org.apache.mesos:mesos
(Maven)
Oct 17, 2018
keycloak-core vulnerable to timing attacks against JWS token verification
Moderate
CVE-2017-2585
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
keycloak-core discloses system properties
Moderate
CVE-2017-2582
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
Moderate
CVE-2018-1322
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-15713
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate
CVE-2018-8024
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Installation information leak in Eclipse Jetty
Moderate
CVE-2019-10247
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Information Exposure vulnerability in Eclipse Jetty
Moderate
CVE-2019-10246
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Moderate
CVE-2019-3868
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 30, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
Moderate
CVE-2019-3797
was published
for
org.springframework.data:spring-data-jpa
(Maven)
May 14, 2019
Improper Neutralization of Wildcards or Matching Symbols
Moderate
CVE-2019-3802
was published
for
org.springframework.data:spring-data-jpa
(Maven)
Jun 4, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Moderate
CVE-2019-13237
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Apache NiFi process group information disclosure
Moderate
CVE-2019-10083
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Moderate
CVE-2019-14820
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 15, 2020
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Moderate
CVE-2020-11009
was published
for
org.rundeck:rundeck
(Maven)
Apr 29, 2020
Sensitive Data Exposure in Apache Ant
Moderate
CVE-2020-1945
was published
for
org.apache.ant:ant
(Maven)
Sep 14, 2020
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2020-15250
was published
for
junit:junit
(Maven)
Oct 12, 2020
Generated Code Contains Local Information Disclosure Vulnerability
Moderate
CVE-2021-21364
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-22134
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
ProTip!
Advisories are also available from the
GraphQL API