Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data Moderate
CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024
oscerd
GeoServer's Server Status shows sensitive environmental variables and Java properties Moderate
CVE-2024-34696 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
miceg jodygarnett
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted Moderate
CVE-2024-31464 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
Eclipse Vert.x memory leak Moderate
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) Mar 27, 2024
marcelstoer
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds Moderate
CVE-2023-50298 was published for org.apache.solr:solr-solrj (Maven) Feb 9, 2024
DanielRuf
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin Moderate
CVE-2024-23901 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
Apache Solr allows read access to host environmet variables Moderate
CVE-2023-50290 was published for org.apache.solr:solr-core (Maven) Jan 15, 2024
Solr search discloses email addresses of users Moderate
CVE-2023-50720 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Displayed in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor Moderate
CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) Dec 6, 2023
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-49068 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 27, 2023
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-4061 was published for org.wildfly.core:wildfly-controller (Maven) Nov 8, 2023
Jenkins Warnings Plugin exposures system-scoped credentials Moderate
CVE-2023-46651 was published for io.jenkins.plugins:warnings-ng (Maven) Oct 25, 2023
Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure Moderate
CVE-2023-40348 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) Aug 16, 2023
Credential leakage in Jenkins Plug-in for ServiceNow Moderate
CVE-2023-3414 was published for io.jenkins.plugins:servicenow-devops (Maven) Jul 26, 2023
Apache MINA SSHD information disclosure vulnerability Moderate
CVE-2023-35887 was published for org.apache.sshd:sshd-common (Maven) Jul 10, 2023
pavelarnost gjordi
Vaadin vulnerable to possible information disclosure in non visible components. Moderate
CVE-2023-25499 was published for com.vaadin:flow-server (Maven) Jun 22, 2023
XWiki Platform's tags on non-viewable pages can be revealed to users Moderate
CVE-2023-34466 was published for org.xwiki.platform:xwiki-platform-tag-api (Maven) Jun 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database