Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

174 advisories

Loading
Moderate severity vulnerability that affects org.apache.qpid:proton-j Moderate
CVE-2016-2166 was published for org.apache.qpid:proton-j (Maven) Oct 16, 2018
Apache Tika Server exposes sensitive information Moderate
CVE-2015-3271 was published for org.apache.tika:tika-server (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2015-7940 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.storm:storm-core Moderate
CVE-2018-1332 was published for org.apache.storm:storm-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.mesos:mesos Moderate
CVE-2018-8023 was published for org.apache.mesos:mesos (Maven) Oct 17, 2018
keycloak-core vulnerable to timing attacks against JWS token verification Moderate
CVE-2017-2585 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
keycloak-core discloses system properties Moderate
CVE-2017-2582 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope Moderate
CVE-2018-1322 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-15713 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service Moderate
CVE-2017-12625 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL Moderate
CVE-2018-8024 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Installation information leak in Eclipse Jetty Moderate
CVE-2019-10247 was published for org.eclipse.jetty:jetty-server (Maven) Apr 23, 2019
Information Exposure vulnerability in Eclipse Jetty Moderate
CVE-2019-10246 was published for org.eclipse.jetty:jetty-server (Maven) Apr 23, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak Moderate
CVE-2019-3868 was published for org.keycloak:keycloak-core (Maven) Apr 30, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA Moderate
CVE-2019-3797 was published for org.springframework.data:spring-data-jpa (Maven) May 14, 2019
Improper Neutralization of Wildcards or Matching Symbols Moderate
CVE-2019-3802 was published for org.springframework.data:spring-data-jpa (Maven) Jun 4, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak Moderate
CVE-2019-14820 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
Sensitive Data Exposure in Apache Ant Moderate
CVE-2020-1945 was published for org.apache.ant:ant (Maven) Sep 14, 2020
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
Generated Code Contains Local Information Disclosure Vulnerability Moderate
CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
ProTip! Advisories are also available from the GraphQL API