Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin Moderate
CVE-2019-10320 was published for org.jenkins-ci.plugins:credentials (Maven) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Moderate
CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) May 17, 2022
MarkLee131
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled Low
CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) May 17, 2022
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests Moderate
CVE-2011-3375 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security Moderate
CVE-2012-5055 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022
Apache Rave information disclosure vulnerability Moderate
CVE-2013-1814 was published for org.apache.rave:rave-core (Maven) May 17, 2022
q5438722
Eucalyptus Unauthorized Access to CC/NC Log Files Moderate
CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) May 17, 2022
Apache Shindig PHP Sensitive Information Disclosure Moderate
CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup Moderate
CVE-2013-4112 was published for org.jgroups:jgroups (Maven) May 17, 2022
Jenkins allows attackers to determine whether a user exists Moderate
CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3662 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3680 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2016-6345 was published for org.jboss.resteasy:resteasy-client (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting Moderate
CVE-2014-5325 was published for org.directwebremoting:dwr (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Moderate
CVE-2015-1776 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Apache Ambari reveals administrator passwords Moderate
CVE-2016-4976 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Apache Geode information disclosure vulnerability High
CVE-2017-5649 was published for org.apache.geode:geode-core (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Low
CVE-2013-2071 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Apache Tomcat Allows Replacing of XML Parser Moderate
CVE-2011-2481 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
sunSUNQ
Apache OpenMeetings displays Tomcat version and detailed error stack trace High
CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Critical
CVE-2017-1000362 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java High
CVE-2016-8741 was published for org.apache.qpid:qpid-broker (Maven) May 17, 2022
The Undertow module of WildFly allows source code disclosure High
CVE-2015-3198 was published for org.wildfly:wildfly-parent (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2011-5245 was published for org.jboss.resteasy:resteasy-jaxb-provider (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2012-0818 was published for org.jboss.resteasy:resteasy-client (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database