GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
Authorization Before Parsing and Canonicalization in jetty
Moderate
CVE-2021-28164
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Apr 6, 2021
Information Disclosure in Guava
Low
CVE-2020-8908
was published
for
com.google.guava:guava
(Maven)
Mar 25, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-22134
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Generated Code Contains Local Information Disclosure Vulnerability
Moderate
CVE-2021-21364
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2020-15250
was published
for
junit:junit
(Maven)
Oct 12, 2020
Sensitive Data Exposure in Apache Ant
Moderate
CVE-2020-1945
was published
for
org.apache.ant:ant
(Maven)
Sep 14, 2020
XML External Entity Injection in XStream
High
CVE-2016-3674
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Polymorphic deserialization of malicious object in jackson-databind
High
CVE-2019-14892
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Moderate
CVE-2020-11009
was published
for
org.rundeck:rundeck
(Maven)
Apr 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Moderate
CVE-2019-14820
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 15, 2020
Apache NiFi process group information disclosure
Moderate
CVE-2019-10083
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Moderate
CVE-2019-13237
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Improper Neutralization of Wildcards or Matching Symbols
Moderate
CVE-2019-3802
was published
for
org.springframework.data:spring-data-jpa
(Maven)
Jun 4, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
Moderate
CVE-2019-3797
was published
for
org.springframework.data:spring-data-jpa
(Maven)
May 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Moderate
CVE-2019-3868
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 30, 2019
Information Exposure vulnerability in Eclipse Jetty
Moderate
CVE-2019-10246
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Installation information leak in Eclipse Jetty
Moderate
CVE-2019-10247
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate
CVE-2018-8024
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
High
CVE-2018-1296
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 12, 2019
Exposure of Sensitive Information in Hadoop
Critical
CVE-2017-15718
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-15713
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low
CVE-2018-1284
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
ProTip!
Advisories are also available from the
GraphQL API