GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
274 advisories
Filter by severity
Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin
Moderate
CVE-2019-10320
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Moderate
CVE-2011-1498
was published
for
org.apache.httpcomponents:httpclient
(Maven)
May 17, 2022
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low
CVE-2011-4457
was published
for
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
(Maven)
May 17, 2022
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
Moderate
CVE-2011-3375
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
Moderate
CVE-2012-5055
was published
for
org.springframework.security:spring-security-core
(Maven)
May 17, 2022
Apache Rave information disclosure vulnerability
Moderate
CVE-2013-1814
was published
for
org.apache.rave:rave-core
(Maven)
May 17, 2022
Eucalyptus Unauthorized Access to CC/NC Log Files
Moderate
CVE-2013-4766
was published
for
org.jclouds.api:eucalyptus
(Maven)
May 17, 2022
Apache Shindig PHP Sensitive Information Disclosure
Moderate
CVE-2013-4295
was published
for
org.apache.shindig:shindig-php
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Moderate
CVE-2013-4112
was published
for
org.jgroups:jgroups
(Maven)
May 17, 2022
Jenkins allows attackers to determine whether a user exists
Moderate
CVE-2014-2064
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3662
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3680
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate
CVE-2016-6345
was published
for
org.jboss.resteasy:resteasy-client
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting
Moderate
CVE-2014-5325
was published
for
org.directwebremoting:dwr
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Moderate
CVE-2015-1776
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Apache Ambari reveals administrator passwords
Moderate
CVE-2016-4976
was published
for
org.apache.ambari:ambari
(Maven)
May 17, 2022
Apache Geode information disclosure vulnerability
High
CVE-2017-5649
was published
for
org.apache.geode:geode-core
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Low
CVE-2013-2071
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Apache Tomcat Allows Replacing of XML Parser
Moderate
CVE-2011-2481
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace
High
CVE-2017-7683
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Critical
CVE-2017-1000362
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
High
CVE-2016-8741
was published
for
org.apache.qpid:qpid-broker
(Maven)
May 17, 2022
The Undertow module of WildFly allows source code disclosure
High
CVE-2015-3198
was published
for
org.wildfly:wildfly-parent
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate
CVE-2011-5245
was published
for
org.jboss.resteasy:resteasy-jaxb-provider
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate
CVE-2012-0818
was published
for
org.jboss.resteasy:resteasy-client
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API