GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
High
CVE-2018-1296
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 12, 2019
Polymorphic deserialization of malicious object in jackson-databind
High
CVE-2019-14892
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
XML External Entity Injection in XStream
High
CVE-2016-3674
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2021-25122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
High
CVE-2021-40690
was published
for
org.apache.santuario:xmlsec
(Maven)
Sep 20, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
High
CVE-2020-1940
was published
for
org.apache.jackrabbit:oak-core
(Maven)
Dec 10, 2021
Opencast publishes global system account credentials
High
CVE-2018-16153
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Insertion of Sensitive Information into Log File in Apache NiFi
High
CVE-2020-1942
was published
for
org.apache.nifi:nifi-framework-core
(Maven)
Jan 6, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2020-17527
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Concord
High
CVE-2020-10591
was published
for
com.walmartlabs.concord.docker:concord-common
(Maven)
Feb 10, 2022
Information Exposure in Apache Tapestry
High
CVE-2021-30638
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Mar 18, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched
High
CVE-2012-1094
was published
for
org.jboss.as:jboss-as-server
(Maven)
Apr 23, 2022
Apache Tomcat Source Code Disclosure
High
CVE-2002-1394
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Apache Tomcat allows remote attackers to read JSP source files
High
CVE-2005-4836
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
High
CVE-2018-3831
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Apache Wicket Sensitive Data Exposure
High
CVE-2014-3526
was published
for
org.apache.wicket:wicket-core
(Maven)
May 13, 2022
CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials
High
CVE-2018-1000603
was published
for
org.jenkins-ci.plugins:openstack-cloud
(Maven)
May 13, 2022
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials
High
CVE-2018-1000600
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
May 13, 2022
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks
High
CVE-2018-1999028
was published
for
org.jenkins-ci.plugins:accurev
(Maven)
May 13, 2022
Exposure of Sensitive Information in Jenkins Kubernetes Plugin
High
CVE-2018-1999040
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
May 13, 2022
Apache Geode OQL method invocation vulnerability
High
CVE-2017-9795
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API