Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-12616 was published for org.apache.tomcat:tomcat-catalina (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch High
CVE-2018-3831 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt High
CVE-2014-9970 was published for org.jasypt:jasypt (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API High
CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post High
CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 14, 2022
Improper Input Validation in Undertow High
CVE-2020-1757 was published for io.undertow:undertow-core (Maven) May 24, 2022
yawkat
Jenkins Pipeline: Input Step Plugin High
CVE-2017-1000108 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) May 17, 2022
Apache Geode OQL method invocation vulnerability High
CVE-2017-9795 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache Geode configuration request authorization vulnerability High
CVE-2017-15696 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache Geode information disclosure vulnerability High
CVE-2017-5649 was published for org.apache.geode:geode-core (Maven) May 17, 2022
Apache Geode gfsh authorization vulnerability High
CVE-2017-12622 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Information Exposure in Apache Tapestry High
CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) Mar 18, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user High
CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven) Nov 15, 2022
Exposure of Sensitive Information in Apache Pluto High
CVE-2018-1306 was published for org.apache.portals.pluto:pluto-container (Maven) May 14, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak High
CVE-2020-1940 was published for org.apache.jackrabbit:oak-core (Maven) Dec 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Exposure of Sensitive Information to an Unauthorized Actor in Concord High
CVE-2020-10591 was published for com.walmartlabs.concord.docker:concord-common (Maven) Feb 10, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched High
CVE-2012-1094 was published for org.jboss.as:jboss-as-server (Maven) Apr 23, 2022
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file High
CVE-2016-2164 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace High
CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Exposure of Sensitive Information in Apache Storm Logviewer High
CVE-2019-0202 was published for org.apache.storm:storm-core (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API