GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
XML External Entity Injection in XStream
High
CVE-2016-3674
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
High
CVE-2018-1296
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 12, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-12616
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
High
CVE-2018-3831
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
High
CVE-2014-9970
was published
for
org.jasypt:jasypt
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
High
CVE-2015-3250
was published
for
org.apache.directory.api:api-ldap-model
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
High
CVE-2016-0956
was published
for
org.apache.sling:org.apache.sling.servlets.post
(Maven)
May 14, 2022
Improper Input Validation in Undertow
High
CVE-2020-1757
was published
for
io.undertow:undertow-core
(Maven)
May 24, 2022
Jenkins Pipeline: Input Step Plugin
High
CVE-2017-1000108
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
May 17, 2022
Apache Geode OQL method invocation vulnerability
High
CVE-2017-9795
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Apache Geode configuration request authorization vulnerability
High
CVE-2017-15696
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Apache Geode information disclosure vulnerability
High
CVE-2017-5649
was published
for
org.apache.geode:geode-core
(Maven)
May 17, 2022
Apache Geode gfsh authorization vulnerability
High
CVE-2017-12622
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Information Exposure in Apache Tapestry
High
CVE-2021-30638
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Mar 18, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High
CVE-2022-40308
was published
for
org.apache.archiva:archiva-common
(Maven)
Nov 15, 2022
Exposure of Sensitive Information in Apache Pluto
High
CVE-2018-1306
was published
for
org.apache.portals.pluto:pluto-container
(Maven)
May 14, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
High
CVE-2020-1940
was published
for
org.apache.jackrabbit:oak-core
(Maven)
Dec 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Concord
High
CVE-2020-10591
was published
for
com.walmartlabs.concord.docker:concord-common
(Maven)
Feb 10, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched
High
CVE-2012-1094
was published
for
org.jboss.as:jboss-as-server
(Maven)
Apr 23, 2022
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
High
CVE-2016-2164
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 14, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace
High
CVE-2017-7683
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 17, 2022
Exposure of Sensitive Information in Apache Storm Logviewer
High
CVE-2019-0202
was published
for
org.apache.storm:storm-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API