GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+, Composer 3,872, Erlang 29, GitHub Actions 16, Go 1,722, Maven 4,951, npm 3,481, NuGet 605, pip 3,047, Pub 10, RubyGems 832, Rust 777, Swift 34
Unreviewed advisories: All unreviewed 5,000+
261 advisories
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate. CVE-2016-6345 was published for org.jboss.resteasy:resteasy-client (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting
Moderate. CVE-2014-5325 was published for org.directwebremoting:dwr (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Moderate. CVE-2015-1776 was published for org.apache.hadoop:hadoop-common (Maven) on May 17, 2022.

Apache Ambari reveals administrator passwords
Moderate. CVE-2016-4976 was published for org.apache.ambari:ambari (Maven) on May 17, 2022.

Apache Geode information disclosure vulnerability
High. CVE-2017-5649 was published for org.apache.geode:geode-core (Maven) on May 17, 2022.

Apache Tomcat Allows Replacing of XML Parser
Moderate. CVE-2011-2481 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Low. CVE-2013-2071 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

Apache OpenMeetings displays Tomcat version and detailed error stack trace
High. CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Critical. CVE-2017-1000362 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
High. CVE-2016-8741 was published for org.apache.qpid:qpid-broker (Maven) on May 17, 2022.

The Undertow module of WildFly allows source code disclosure
High. CVE-2015-3198 was published for org.wildfly:wildfly-parent (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate. CVE-2011-5245 was published for org.jboss.resteasy:resteasy-jaxb-provider (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate. CVE-2012-0818 was published for org.jboss.resteasy:resteasy-client (Maven) on May 17, 2022.

Apache Atlas produces Stack trace in error response
High. CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Critical. CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) on May 17, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
High. CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) on May 17, 2022.

Apache Geode gfsh query vulnerability
Moderate. CVE-2017-9794 was published for org.apache.geode:geode-core (Maven) on May 17, 2022.

Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
Moderate. CVE-2017-1000094 was published for org.jenkins-ci.plugins:docker-commons (Maven) on May 17, 2022.

Exposure of Sensitive Information in Jenkins Datadog plugin
Low. CVE-2017-1000114 was published for org.datadog.jenkins.plugins:datadog (Maven) on May 17, 2022.

Jenkins Pipeline: Input Step Plugin
High. CVE-2017-1000108 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) on May 17, 2022.

Apache MyFaces Vulnerable to EL Injection
High. CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) on May 17, 2022.

Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
Moderate. CVE-2017-1000087 was published for org.jenkins-ci.plugins:github-branch-source (Maven) on May 17, 2022.

Insecure temporary file usage in Jenkins Git Client Plugin
Low. CVE-2017-1000242 was published for org.jenkins-ci.plugins:git-client (Maven) on May 17, 2022.

Exposure of Sensitive Information in Jenkins Core
Moderate. CVE-2016-0790 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022.

Exposure of Sensitive Information in Jenkins Core
Critical. CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022.

ProTip! Advisories are also available from the GraphQL API.