Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
Incorrect Authorization in Apache Solr Moderate
CVE-2018-11802 was published for org.apache.solr:solr-core (Maven) Feb 9, 2022
Incorrect Authorization in Apache Solr Critical
CVE-2020-13957 was published for org.apache.solr:solr-parent (Maven) Feb 10, 2022
kurt-r2c
Incorrect Authorization in WildFly Elytron High
CVE-2020-1748 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
Access Control vulnerability within CoreNLP Critical
CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) Feb 25, 2022
Improper Authorization in org.cometd.oort High
CVE-2022-24721 was published for org.cometd.java:cometd-java-oort (Maven) Mar 15, 2022
Information Exposure in Apache Tapestry High
CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) Mar 18, 2022
Permissions bypass in SmallRye Moderate
CVE-2020-1729 was published for io.smallrye.config:smallrye-config (Maven) Mar 18, 2022
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-29047 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Apr 13, 2022
NotMyFault
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n kurt-r2c
Improper authorization in Keycloak Moderate
CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) Apr 27, 2022
Incorrect Authorization in Getahead Direct Web Remoting High
CVE-2007-0184 was published for org.directwebremoting:dwr (Maven) May 1, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999003 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999004 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Apache Tomcat High
CVE-2016-6797 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Incorrect Authorization in Jenkins Moderate
CVE-2017-2599 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Core Moderate
CVE-2017-2611 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Apache Geode vulnerable to Incorrect Authorization High
CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) May 13, 2022
MarkLee131
Jenkins HipChat Plugin allows credential capture due to incorrect authorization High
CVE-2018-1000418 was published for org.jvnet.hudson.plugins:hipchat (Maven) May 13, 2022
Jenkins Jira Plugin Incorrect Authorization vulnerability Moderate
CVE-2018-1000412 was published for org.jenkins-ci.plugins:jira (Maven) May 13, 2022
Incorrect Authorization in Undertow Moderate
CVE-2017-12196 was published for io.undertow:undertow-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin Moderate
CVE-2018-1000105 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin Moderate
CVE-2018-1000106 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 13, 2022
Incorrect Authorization in Jenkins Git Plugin Moderate
CVE-2018-1000110 was published for org.jenkins-ci.plugins:git (Maven) May 13, 2022
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs Moderate
CVE-2018-1000109 was published for org.jenkins-ci.plugins:google-play-android-publisher (Maven) May 13, 2022
Jenkins Subversion Plugin Incorrect Authorization vulnerability Moderate
CVE-2018-1000111 was published for org.jenkins-ci.plugins:subversion (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API