GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,872
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+
167 advisories
Filter by severity
BoringSSLAEADContext in Netty Repeats Nonces
Moderate
CVE-2024-36121
was published
for
io.netty.incubator:netty-incubator-codec-ohttp
(Maven)
Jun 5, 2024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Moderate
CVE-2024-31464
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate
CVE-2024-23944
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 15, 2024
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
Moderate
CVE-2024-23901
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Apache Solr allows read access to host environmet variables
Moderate
CVE-2023-50290
was published
for
org.apache.solr:solr-core
(Maven)
Jan 15, 2024
Solr search discloses email addresses of users
Moderate
CVE-2023-50720
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
Displayed in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50773
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
Moderate
CVE-2023-6393
was published
for
io.quarkus:quarkus-cache
(Maven)
Dec 6, 2023
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-49068
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Nov 27, 2023
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-4061
was published
for
org.wildfly.core:wildfly-controller
(Maven)
Nov 8, 2023
Jenkins Warnings Plugin exposures system-scoped credentials
Moderate
CVE-2023-46651
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Oct 25, 2023
Credential leakage in Jenkins Plug-in for ServiceNow
Moderate
CVE-2023-3414
was published
for
io.jenkins.plugins:servicenow-devops
(Maven)
Jul 26, 2023
Apache MINA SSHD information disclosure vulnerability
Moderate
CVE-2023-35887
was published
for
org.apache.sshd:sshd-common
(Maven)
Jul 10, 2023
Vaadin vulnerable to possible information disclosure in non visible components.
Moderate
CVE-2023-25499
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
XWiki Platform's tags on non-viewable pages can be revealed to users
Moderate
CVE-2023-34466
was published
for
org.xwiki.platform:xwiki-platform-tag-api
(Maven)
Jun 20, 2023
Hazelcast vulnerable to unmasked password exposure
Moderate
CVE-2023-33264
was published
for
com.hazelcast:hazelcast
(Maven)
May 22, 2023
Spring Session session ID can be logged to the standard output stream
Moderate
CVE-2023-20866
was published
for
org.springframework.session:spring-session-core
(Maven)
Apr 13, 2023
Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate
CVE-2023-27095
was published
for
cn.hippo4j:hippo4j-core
(Maven)
Mar 16, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information
Moderate
CVE-2022-44644
was published
for
org.apache.linkis:linkis
(Maven)
Jan 31, 2023
Field-level security issue with .keyword fields in OpenSearch
Moderate
CVE-2023-23613
was published
for
org.opensearch:opensearch-security
(Maven)
Jan 24, 2023
Apache James MIME4J vulnerable to information disclosure to local users
Moderate
CVE-2022-45787
was published
for
org.apache.james:apache-mime4j-storage
(Maven)
Jan 6, 2023
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
Moderate
CVE-2022-41935
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API