GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
59 advisories
Liferay Portal vulnerable to user impersonation
High: CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven), Feb 8, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High: CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven), Feb 7, 2024
Solr search discloses password hashes of all users
High: CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven), Dec 16, 2023
Apache DolphinScheduler sensitive information disclosure
High: CVE-2023-48796 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven), Nov 24, 2023
Quarkus OIDC can leak both ID and access tokens
High: CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven), Oct 4, 2023
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
High: CVE-2023-29517 was published for org.xwiki.platform:xwiki-platform-office-viewer (Maven), Apr 20, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
High: CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven), Mar 3, 2023
Apache CXF vulnerable to Exposure of Sensitive Information
High: CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven), Dec 13, 2022
Password exposure in H2 Database
High: CVE-2022-45868 was published for com.h2database:h2 (Maven), Nov 23, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High: CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven), Nov 15, 2022
ZK Framework vulnerable to malicious POST
High: CVE-2022-36537 was published for org.zkoss.zk:zk (Maven), Aug 27, 2022
xxl-job sensitive data exposure
High: CVE-2020-23811 was published for com.xuxueli:xxl-job (Maven), May 24, 2022
Improper Input Validation in Undertow
High: CVE-2020-1757 was published for io.undertow:undertow-core (Maven), May 24, 2022
Exposure of Sensitive Information in Apache Storm Logviewer
High: CVE-2019-0202 was published for org.apache.storm:storm-core (Maven), May 24, 2022
Apache Geode information disclosure vulnerability
High: CVE-2017-5649 was published for org.apache.geode:geode-core (Maven), May 17, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace
High: CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven), May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
High: CVE-2016-8741 was published for org.apache.qpid:qpid-broker (Maven), May 17, 2022
The Undertow module of WildFly allows source code disclosure
High: CVE-2015-3198 was published for org.wildfly:wildfly-parent (Maven), May 17, 2022
Apache Atlas produces Stack trace in error response
High: CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven), May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
High: CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven), May 17, 2022
Apache MyFaces Vulnerable to EL Injection
High: CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven), May 17, 2022
Jenkins Pipeline: Input Step Plugin
High: CVE-2017-1000108 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven), May 17, 2022
Apache Geode gfsh authorization vulnerability
High: CVE-2017-12622 was published for org.apache.geode:geode-core (Maven), May 14, 2022
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
High: CVE-2012-3353 was published for org.apache.sling:org.apache.sling.jcr.contentloader (Maven), May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
High: CVE-2014-9970 was published for org.jasypt:jasypt (Maven), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.