GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
238 advisories
Filter by severity
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
High
CVE-2012-3353
was published
for
org.apache.sling:org.apache.sling.jcr.contentloader
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
High
CVE-2014-9970
was published
for
org.jasypt:jasypt
(Maven)
May 14, 2022
Cloud Foundry UAA SessionID present in Audit Event Logs
High
CVE-2018-1192
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Apache Geode configuration request authorization vulnerability
High
CVE-2017-15696
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
Drupal Comment reply form allows access to restricted content
High
CVE-2017-6926
was published
for
drupal/core
(Composer)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
High
CVE-2016-0956
was published
for
org.apache.sling:org.apache.sling.servlets.post
(Maven)
May 14, 2022
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
High
CVE-2016-2164
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 14, 2022
LFI in PHP-Proxy 5.1.0
High
CVE-2018-19246
was published
for
athlon1600/php-proxy
(Composer)
May 14, 2022
Exposure of Sensitive Information in System.Net.Http
High
CVE-2019-0545
was published
for
Microsoft.NETCore.App
(NuGet)
May 14, 2022
Exposure of Sensitive Information in Apache Pluto
High
CVE-2018-1306
was published
for
org.apache.portals.pluto:pluto-container
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-5647
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-12616
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 14, 2022
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
High
CVE-2016-8747
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
High
CVE-2018-1000410
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Apache Geode OQL method invocation vulnerability
High
CVE-2017-9795
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
keycloak-httpd-client-install Insecure Secrets
High
CVE-2017-15112
was published
for
keycloak-httpd-client-install
(pip)
May 14, 2022
ChakraCore information disclosure vulnerability
High
CVE-2018-8145
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks
High
CVE-2018-1999028
was published
for
org.jenkins-ci.plugins:accurev
(Maven)
May 13, 2022
Exposure of Sensitive Information in Jenkins Kubernetes Plugin
High
CVE-2018-1999040
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 13, 2022
Insecure Permissions in Phusion Passenger
High
CVE-2018-12027
was published
for
passenger
(RubyGems)
May 13, 2022
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials
High
CVE-2018-1000600
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
May 13, 2022
CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials
High
CVE-2018-1000603
was published
for
org.jenkins-ci.plugins:openstack-cloud
(Maven)
May 13, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem
High
CVE-2018-16849
was published
for
mistral
(pip)
May 13, 2022
Apache Wicket Sensitive Data Exposure
High
CVE-2014-3526
was published
for
org.apache.wicket:wicket-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API