GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate
CVE-2016-8629
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
Moderate
CVE-2007-5342
was published
for
org.apache.tomcat:tomcat-juli
(Maven)
May 1, 2022
Improper Access Control in Apache Derby
Moderate
CVE-2018-1313
was published
for
org.apache.derby:derby
(Maven)
May 13, 2022
Improper Access Control in Apache CXF
Moderate
CVE-2015-5253
was published
for
org.apache.cxf:cxf-rt-rs-security-sso-saml
(Maven)
May 13, 2022
Improper Access Control in Apache Tomcat
Moderate
CVE-2014-7810
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Access Control in Apache WSS4J
Moderate
CVE-2015-0227
was published
for
org.apache.ws.security:wss4j
(Maven)
May 14, 2022
Improper Access Control in MySQL Connectors Java
Moderate
CVE-2015-2575
was published
for
mysql:mysql-connector-java
(Maven)
May 17, 2022
Improper Access Control in Apache Tomcat
Moderate
CVE-2012-5885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Apache Tomcat does not follow ServletSecurity annotations
Moderate
CVE-2011-1419
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Apache Struts2 Broken Access Control Vulnerability
Moderate
CVE-2013-4310
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Improper Access Control in JBoss mod_cluster
Moderate
CVE-2012-1154
was published
for
org.jboss.mod_cluster:mod_cluster
(Maven)
May 17, 2022
Wildfly Authorization Misconfiguration
Moderate
CVE-2019-14838
was published
for
org.wildfly.core:wildfly-host-controller
(Maven)
May 24, 2022
Missing permission check in Jenkins Build Failure Analyzer Plugin
Moderate
CVE-2019-16554
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
May 24, 2022
Keycloak has lack of validation of access token on client registrations endpoint
Moderate
CVE-2023-0091
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 12, 2023
Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm
Moderate
CVE-2023-26473
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Mar 3, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Moderate
CVE-2023-28675
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration
Moderate
CVE-2023-28673
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
Moderate
CVE-2023-29922
was published
for
tech.powerjob:powerjob
(Maven)
Apr 19, 2023
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
Moderate
CVE-2023-29513
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 20, 2023
Liferay portal unauthorized access to objects via OAuth 2 scope
Moderate
CVE-2023-33946
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Liferay portal has unauthorized access to object definition via search
Moderate
CVE-2023-33947
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
PlantUML Improper Access Control vulnerability
Moderate
CVE-2023-3431
was published
for
net.sourceforge.plantuml:plantuml-mit
(Maven)
Jun 27, 2023
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud
Moderate
CVE-2023-36820
was published
for
io.micronaut.security:micronaut-security-oauth2
(Maven)
Oct 5, 2023
Broken access control in Silverpeas
Moderate
CVE-2023-47321
was published
for
org.silverpeas.core:silverpeas-core-web
(Maven)
Dec 13, 2023
Broken access control in Silverpeas
Moderate
CVE-2023-47327
was published
for
org.silverpeas.core:silverpeas-core-web
(Maven)
Dec 13, 2023
ProTip!
Advisories are also available from the
GraphQL API