Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

238 advisories

Loading
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load High
CVE-2012-3353 was published for org.apache.sling:org.apache.sling.jcr.contentloader (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt High
CVE-2014-9970 was published for org.jasypt:jasypt (Maven) May 14, 2022
Cloud Foundry UAA SessionID present in Audit Event Logs High
CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Apache Geode configuration request authorization vulnerability High
CVE-2017-15696 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Drupal Comment reply form allows access to restricted content High
CVE-2017-6926 was published for drupal/core (Composer) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post High
CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 14, 2022
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file High
CVE-2016-2164 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
LFI in PHP-Proxy 5.1.0 High
CVE-2018-19246 was published for athlon1600/php-proxy (Composer) May 14, 2022
Exposure of Sensitive Information in System.Net.Http High
CVE-2019-0545 was published for Microsoft.NETCore.App (NuGet) May 14, 2022
Exposure of Sensitive Information in Apache Pluto High
CVE-2018-1306 was published for org.apache.portals.pluto:pluto-container (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-5647 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
kurt-r2c sunSUNQ
r3kumar
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-12616 was published for org.apache.tomcat:tomcat-catalina (Maven) May 14, 2022
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins High
CVE-2018-1000410 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Logstash Logs Sensitive Information High
CVE-2016-1000221 was published for logstash-core (RubyGems) May 14, 2022
Apache Geode OQL method invocation vulnerability High
CVE-2017-9795 was published for org.apache.geode:geode-core (Maven) May 14, 2022
keycloak-httpd-client-install Insecure Secrets High
CVE-2017-15112 was published for keycloak-httpd-client-install (pip) May 14, 2022
ChakraCore information disclosure vulnerability High
CVE-2018-8145 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks High
CVE-2018-1999028 was published for org.jenkins-ci.plugins:accurev (Maven) May 13, 2022
Exposure of Sensitive Information in Jenkins Kubernetes Plugin High
CVE-2018-1999040 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 13, 2022
Insecure Permissions in Phusion Passenger High
CVE-2018-12027 was published for passenger (RubyGems) May 13, 2022
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials High
CVE-2018-1000600 was published for com.coravy.hudson.plugins.github:github (Maven) May 13, 2022
CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials High
CVE-2018-1000603 was published for org.jenkins-ci.plugins:openstack-cloud (Maven) May 13, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
Apache Wicket Sensitive Data Exposure High
CVE-2014-3526 was published for org.apache.wicket:wicket-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database