GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
130 advisories
Filter by severity
Incorrect Authorization in Apache Solr
Moderate
CVE-2018-11802
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2022
Incorrect Authorization in Apache Solr
Critical
CVE-2020-13957
was published
for
org.apache.solr:solr-parent
(Maven)
Feb 10, 2022
Incorrect Authorization in WildFly Elytron
High
CVE-2020-1748
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
Access Control vulnerability within CoreNLP
Critical
CVE-2021-44550
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Feb 25, 2022
Improper Authorization in org.cometd.oort
High
CVE-2022-24721
was published
for
org.cometd.java:cometd-java-oort
(Maven)
Mar 15, 2022
Information Exposure in Apache Tapestry
High
CVE-2021-30638
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Mar 18, 2022
Permissions bypass in SmallRye
Moderate
CVE-2020-1729
was published
for
io.smallrye.config:smallrye-config
(Maven)
Mar 18, 2022
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-29047
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Apr 13, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Improper authorization in Keycloak
Moderate
CVE-2022-1466
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 27, 2022
Incorrect Authorization in Getahead Direct Web Remoting
High
CVE-2007-0184
was published
for
org.directwebremoting:dwr
(Maven)
May 1, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2018-1999003
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2018-1999004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Apache Tomcat
High
CVE-2016-6797
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2017-2599
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Core
Moderate
CVE-2017-2611
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Apache Geode vulnerable to Incorrect Authorization
High
CVE-2017-15695
was published
for
org.apache.geode:geode-core
(Maven)
May 13, 2022
Jenkins HipChat Plugin allows credential capture due to incorrect authorization
High
CVE-2018-1000418
was published
for
org.jvnet.hudson.plugins:hipchat
(Maven)
May 13, 2022
Jenkins Jira Plugin Incorrect Authorization vulnerability
Moderate
CVE-2018-1000412
was published
for
org.jenkins-ci.plugins:jira
(Maven)
May 13, 2022
Incorrect Authorization in Undertow
Moderate
CVE-2017-12196
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2018-1000105
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2018-1000106
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Git Plugin
Moderate
CVE-2018-1000110
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 13, 2022
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs
Moderate
CVE-2018-1000109
was published
for
org.jenkins-ci.plugins:google-play-android-publisher
(Maven)
May 13, 2022
Jenkins Subversion Plugin Incorrect Authorization vulnerability
Moderate
CVE-2018-1000111
was published
for
org.jenkins-ci.plugins:subversion
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API