GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
Sensitive Data Exposure in Apache Ant
Moderate
CVE-2020-1945
was published
for
org.apache.ant:ant
(Maven)
Sep 14, 2020
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Moderate
CVE-2021-21290
was published
for
io.netty:netty
(Maven)
Feb 8, 2021
Exposure of class information in RESTEasy
Moderate
CVE-2021-20289
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Apr 7, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Man-in-the-middle attack in Apache Cassandra
Moderate
CVE-2020-13946
was published
for
org.apache.cassandra:cassandra-all
(Maven)
May 7, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate
CVE-2021-31412
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
The reset password form reveal users email address
Moderate
CVE-2021-32731
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jul 2, 2021
Druid ingestion system Authenticated users can read data from other sources than intended
Moderate
CVE-2021-36749
was published
for
org.apache.druid:druid-core
(Maven)
Sep 27, 2021
Apache Ozone exposes OM, SCM and Datanode metadata
Moderate
CVE-2021-41532
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Malicious Atomix node queries expose sensitive information
Moderate
CVE-2020-35215
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
SQL Injection in Apache Kylin
Moderate
CVE-2021-36774
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Moderate
CVE-2022-20620
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
Jan 13, 2022
Incorrect Authorization in keycloak
Moderate
CVE-2020-1725
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28160
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere
Moderate
CVE-2019-10365
was published
for
org.jenkins-ci.plugins:google-kubernetes-engine
(Maven)
May 24, 2022
Jenkins JIRA Plugin allows users to select and use credentials with System scope
Moderate
CVE-2019-16541
was published
for
org.jenkins-ci.plugins:jira
(Maven)
May 24, 2022
Exposure of Resource to Wrong Sphere in Spring Data REST
Moderate
CVE-2021-22047
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
May 24, 2022
Exposure of Resource to Wrong Sphere in Liferay Portal
Moderate
CVE-2021-33330
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2022
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
Apache InLong: General user can delete and update process
Moderate
CVE-2023-34189
was published
for
org.apache.inlong:inlong-manager
(Maven)
Jul 25, 2023
ProTip!
Advisories are also available from the
GraphQL API