GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

58 advisories

Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Apache Helix Front (UI) component contained a hard-coded secret High
CVE-2024-22281 was published for org.apache.helix:helix (Maven) Aug 21, 2024
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Exposure of Resource to Wrong Sphere in Apache Tomcat Critical
CVE-2017-5648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2022
sunSUNQ westonsteimel
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh vlsi
CodenameOne Pending Intent vulnerability Critical
CVE-2022-4903 was published for com.codenameone:codenameone-core (Maven) Feb 10, 2023
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Jenkins JIRA Plugin allows users to select and use credentials with System scope Moderate
CVE-2019-16541 was published for org.jenkins-ci.plugins:jira (Maven) May 24, 2022
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
joshbressers
Exposure of sensitive information in Apache Ozone Critical
CVE-2021-39231 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
XWiki Platform may retrieve email addresses of all users High
CVE-2023-34467 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Jun 20, 2023
floerer
XWiki Platform may show email addresses in clear in REST results High
CVE-2023-35151 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 20, 2023
Secret displayed without masking by Chef Identity Plugin Low
CVE-2023-39155 was published for org.jenkins-ci.plugins:chef-identity (Maven) Jul 26, 2023
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents Moderate
CVE-2023-37911 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 25, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability High
CVE-2023-31103 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability High
CVE-2023-31206 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
Jeecg P3 Biz Chat allows remote attackers to read arbitrary files High
CVE-2023-33510 was published for org.jeecgframework.p3:jeecg-p3-biz-chat (Maven) Jun 7, 2023
Apache InLong: General user can delete and update process Moderate
CVE-2023-34189 was published for org.apache.inlong:inlong-manager (Maven) Jul 25, 2023
globalpom-utils has Insecure Temporary File Critical
CVE-2018-25068 was published for com.anrisoftware.globalpom:globalpomutils (Maven) Jan 6, 2023
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin Moderate
CVE-2022-28160 was published for org.jenkins-ci.plugins:selected-tests-executor (Maven) Mar 30, 2022
NotMyFault
Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2019-10365 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
Druid ingestion system Authenticated users can read data from other sources than intended Moderate
CVE-2021-36749 was published for org.apache.druid:druid-core (Maven) Sep 27, 2021
Exposure of Resource to Wrong Sphere in Liferay Portal Moderate
CVE-2021-33330 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022