GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
274 advisories
Filter by severity
Displayed in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50773
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
Moderate
CVE-2023-6393
was published
for
io.quarkus:quarkus-cache
(Maven)
Dec 6, 2023
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-49068
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Nov 27, 2023
Apache DolphinScheduler sensitive information disclosure
High
CVE-2023-48796
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Nov 24, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Low
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-4061
was published
for
org.wildfly.core:wildfly-controller
(Maven)
Nov 8, 2023
Jenkins Warnings Plugin exposures system-scoped credentials
Moderate
CVE-2023-46651
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Oct 25, 2023
Quarkus OIDC can leak both ID and access tokens
High
CVE-2023-1584
was published
for
io.quarkus:quarkus-oidc
(Maven)
Oct 4, 2023
Credential leakage in Jenkins Plug-in for ServiceNow
Moderate
CVE-2023-3414
was published
for
io.jenkins.plugins:servicenow-devops
(Maven)
Jul 26, 2023
Secret displayed without masking by Chef Identity Plugin
Low
CVE-2023-39155
was published
for
org.jenkins-ci.plugins:chef-identity
(Maven)
Jul 26, 2023
Apache Camel information exposure vulnerability
Low
CVE-2023-34442
was published
for
org.apache.camel:camel-jira
(Maven)
Jul 10, 2023
Apache MINA SSHD information disclosure vulnerability
Moderate
CVE-2023-35887
was published
for
org.apache.sshd:sshd-common
(Maven)
Jul 10, 2023
Vaadin vulnerable to possible information disclosure in non visible components.
Moderate
CVE-2023-25499
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Low
CVE-2023-25500
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
XWiki Platform's tags on non-viewable pages can be revealed to users
Moderate
CVE-2023-34466
was published
for
org.xwiki.platform:xwiki-platform-tag-api
(Maven)
Jun 20, 2023
Hazelcast vulnerable to unmasked password exposure
Moderate
CVE-2023-33264
was published
for
com.hazelcast:hazelcast
(Maven)
May 22, 2023
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
High
CVE-2023-29517
was published
for
org.xwiki.platform:xwiki-platform-office-viewer
(Maven)
Apr 20, 2023
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Low
CVE-2023-26049
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 18, 2023
Spring Session session ID can be logged to the standard output stream
Moderate
CVE-2023-20866
was published
for
org.springframework.session:spring-session-core
(Maven)
Apr 13, 2023
Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate
CVE-2023-27095
was published
for
cn.hippo4j:hippo4j-core
(Maven)
Mar 16, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
High
CVE-2023-26476
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Mar 3, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information
Moderate
CVE-2022-44644
was published
for
org.apache.linkis:linkis
(Maven)
Jan 31, 2023
Field-level security issue with .keyword fields in OpenSearch
Moderate
CVE-2023-23613
was published
for
org.opensearch:opensearch-security
(Maven)
Jan 24, 2023
Apache James MIME4J vulnerable to information disclosure to local users
Moderate
CVE-2022-45787
was published
for
org.apache.james:apache-mime4j-storage
(Maven)
Jan 6, 2023
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
ProTip!
Advisories are also available from the
GraphQL API