GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
High
CVE-2021-31407
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
High
CVE-2021-22044
was published
for
org.springframework.cloud:spring-cloud-openfeign-core
(Maven)
May 24, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
High
CVE-2022-21126
was published
for
com.github.samtools:htsjdk
(Maven)
Nov 29, 2022
Undertow vulnerable to Denial of Service (DoS) attacks
High
CVE-2021-3859
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
ManyDesigns Portofino subject to creation of insecure temporary file
High
CVE-2022-3952
was published
for
com.manydesigns:portofino
(Maven)
Nov 11, 2022
Arbitrary code execution in Apache Druid
High
CVE-2021-26919
was published
for
org.apache.druid:druid
(Maven)
Jun 16, 2021
Arbitrary filesystem write access from velocity.
High
CVE-2022-24897
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 28, 2022
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
High
CVE-2023-29208
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 12, 2023
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
Improper Privilege Management in Spring Framework
High
CVE-2021-22118
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Hardcoded JWT Token in Lin CMS Spring Boot
High
CVE-2022-32430
was published
for
io.github.talelin:lin-cms-core
(Maven)
Jul 22, 2022
Jeecg P3 Biz Chat allows remote attackers to read arbitrary files
High
CVE-2023-33510
was published
for
org.jeecgframework.p3:jeecg-p3-biz-chat
(Maven)
Jun 7, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31206
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31103
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
XWiki Platform may retrieve email addresses of all users
High
CVE-2023-34467
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Jun 20, 2023
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
ProTip!
Advisories are also available from the
GraphQL API