GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories: All reviewed 5,000+; Composer 3,941; Erlang 29; GitHub Actions 16; Go 1,722; Maven 4,952; npm 3,481; NuGet 605; pip 3,049; Pub 10; RubyGems 832; Rust 778; Swift 34
Unreviewed advisories: All unreviewed 5,000+

261 advisories
Vaadin vulnerable to possible information disclosure in non visible components.
  Moderate. CVE-2023-25499 was published for com.vaadin:flow-server (Maven), Jun 22, 2023

Vaadin vulnerable to possible information disclosure of class and method names in RPC response
  Low. CVE-2023-25500 was published for com.vaadin:flow-server (Maven), Jun 22, 2023

XWiki Platform's tags on non-viewable pages can be revealed to users
  Moderate. CVE-2023-34466 was published for org.xwiki.platform:xwiki-platform-tag-api (Maven), Jun 20, 2023

Hazelcast vulnerable to unmasked password exposure
  Moderate. CVE-2023-33264 was published for com.hazelcast:hazelcast (Maven), May 22, 2023

Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
  High. CVE-2023-29517 was published for org.xwiki.platform:xwiki-platform-office-viewer (Maven), Apr 20, 2023

Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
  Low. CVE-2023-26049 was published for org.eclipse.jetty:jetty-server (Maven), Apr 18, 2023

Spring Session session ID can be logged to the standard output stream
  Moderate. CVE-2023-20866 was published for org.springframework.session:spring-session-core (Maven), Apr 13, 2023

Exposure of Sensitive Information in OpenGoofy Hippo4j
  Moderate. CVE-2023-27095 was published for cn.hippo4j:hippo4j-core (Maven), Mar 16, 2023

XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
  High. CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven), Mar 3, 2023

Apache Linkis vulnerable to Exposure of Sensitive Information
  Moderate. CVE-2022-44644 was published for org.apache.linkis:linkis (Maven), Jan 31, 2023

Field-level security issue with .keyword fields in OpenSearch
  Moderate. CVE-2023-23613 was published for org.opensearch:opensearch-security (Maven), Jan 24, 2023

Apache James MIME4J vulnerable to information disclosure to local users
  Moderate. CVE-2022-45787 was published for org.apache.james:apache-mime4j-storage (Maven), Jan 6, 2023

Apache James server allows an attacker with local access to access private user data in transit
  Moderate. CVE-2022-45935 was published for org.apache.james:james-server (Maven), Jan 6, 2023

Apache CXF vulnerable to Exposure of Sensitive Information
  High. CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven), Dec 13, 2022

Temporary File Information Disclosure vulnerability in MPXJ
  Low. CVE-2022-41954 was published for mpxj (Maven), Nov 28, 2022

TemporaryFolder on unix-like systems does not limit access to created files
  Moderate. CVE-2022-41946 was published for org.postgresql:postgresql (Maven), Nov 23, 2022

Password exposure in H2 Database
  High. CVE-2022-45868 was published for com.h2database:h2 (Maven), Nov 23, 2022

Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
  Moderate. CVE-2022-41935 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven), Nov 21, 2022

Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
  High. CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven), Nov 15, 2022

Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
  Moderate. CVE-2022-31684 was published for io.projectreactor.netty:reactor-netty-http (Maven), Oct 20, 2022

Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
  Moderate. CVE-2022-43410 was published for org.jenkins-ci.plugins:mercurial (Maven), Oct 19, 2022

ZK Framework vulnerable to malicious POST
  High. CVE-2022-36537 was published for org.zkoss.zk:zk (Maven), Aug 27, 2022

XMLUI's metadata of withdrawn Items is exposed to anonymous users
  Moderate. CVE-2022-31190 was published for org.dspace:dspace-xmlui (Maven), Aug 6, 2022

Lack of authentication mechanism in Jenkins Git Plugin webhook
  Moderate. CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven), Jul 28, 2022

UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()
  Moderate. CVE-2022-31139 was published for io.github.karlatemp:unsafe-accessor (Maven), Jul 12, 2022
ProTip! Advisories are also available from the GraphQL API.