Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,872
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+

261 advisories

Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2016-6345 was published for org.jboss.resteasy:resteasy-client (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting Moderate
CVE-2014-5325 was published for org.directwebremoting:dwr (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Moderate
CVE-2015-1776 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Apache Ambari reveals administrator passwords Moderate
CVE-2016-4976 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Apache Geode information disclosure vulnerability High
CVE-2017-5649 was published for org.apache.geode:geode-core (Maven) May 17, 2022
Apache Tomcat Allows Replacing of XML Parser Moderate
CVE-2011-2481 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Low
CVE-2013-2071 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace High
CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Critical
CVE-2017-1000362 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java High
CVE-2016-8741 was published for org.apache.qpid:qpid-broker (Maven) May 17, 2022
The Undertow module of WildFly allows source code disclosure High
CVE-2015-3198 was published for org.wildfly:wildfly-parent (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2011-5245 was published for org.jboss.resteasy:resteasy-jaxb-provider (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy Moderate
CVE-2012-0818 was published for org.jboss.resteasy:resteasy-client (Maven) May 17, 2022
Apache Atlas produces Stack trace in error response High
CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Critical
CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API High
CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) May 17, 2022
Apache Geode gfsh query vulnerability Moderate
CVE-2017-9794 was published for org.apache.geode:geode-core (Maven) May 17, 2022
Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs Moderate
CVE-2017-1000094 was published for org.jenkins-ci.plugins:docker-commons (Maven) May 17, 2022
Exposure of Sensitive Information in Jenkins Datadog plugin Low
CVE-2017-1000114 was published for org.datadog.jenkins.plugins:datadog (Maven) May 17, 2022
Jenkins Pipeline: Input Step Plugin High
CVE-2017-1000108 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) May 17, 2022
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs Moderate
CVE-2017-1000087 was published for org.jenkins-ci.plugins:github-branch-source (Maven) May 17, 2022
Insecure temporary file usage in Jenkins Git Client Plugin Low
CVE-2017-1000242 was published for org.jenkins-ci.plugins:git-client (Maven) May 17, 2022
Exposure of Sensitive Information in Jenkins Core Moderate
CVE-2016-0790 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information in Jenkins Core Critical
CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API