GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
Apache Sling Authentication Service vulnerability
High
CVE-2017-15700
was published
for
org.apache.sling:org.apache.sling.auth.core
(Maven)
May 14, 2022
Apache Geode gfsh authorization vulnerability
High
CVE-2017-12622
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
High
CVE-2012-3353
was published
for
org.apache.sling:org.apache.sling.jcr.contentloader
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
High
CVE-2014-9970
was published
for
org.jasypt:jasypt
(Maven)
May 14, 2022
Cloud Foundry UAA SessionID present in Audit Event Logs
High
CVE-2018-1192
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Apache Geode configuration request authorization vulnerability
High
CVE-2017-15696
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
High
CVE-2016-0956
was published
for
org.apache.sling:org.apache.sling.servlets.post
(Maven)
May 14, 2022
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
High
CVE-2016-2164
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 14, 2022
Exposure of Sensitive Information in Apache Pluto
High
CVE-2018-1306
was published
for
org.apache.portals.pluto:pluto-container
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-5647
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-12616
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 14, 2022
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
High
CVE-2016-8747
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
High
CVE-2018-1000410
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Apache Geode OQL method invocation vulnerability
High
CVE-2017-9795
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks
High
CVE-2018-1999028
was published
for
org.jenkins-ci.plugins:accurev
(Maven)
May 13, 2022
Exposure of Sensitive Information in Jenkins Kubernetes Plugin
High
CVE-2018-1999040
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 13, 2022
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials
High
CVE-2018-1000600
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
May 13, 2022
CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials
High
CVE-2018-1000603
was published
for
org.jenkins-ci.plugins:openstack-cloud
(Maven)
May 13, 2022
Apache Wicket Sensitive Data Exposure
High
CVE-2014-3526
was published
for
org.apache.wicket:wicket-core
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
High
CVE-2018-3831
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Apache Tomcat allows remote attackers to read JSP source files
High
CVE-2005-4836
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat Source Code Disclosure
High
CVE-2002-1394
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched
High
CVE-2012-1094
was published
for
org.jboss.as:jboss-as-server
(Maven)
Apr 23, 2022
Information Exposure in Apache Tapestry
High
CVE-2021-30638
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Mar 18, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Concord
High
CVE-2020-10591
was published
for
com.walmartlabs.concord.docker:concord-common
(Maven)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API