GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

67 advisories

Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Authorization Before Parsing and Canonicalization in jetty Moderate
CVE-2021-28164 was published for org.eclipse.jetty:jetty-webapp (Maven) Apr 6, 2021
charlesk40
Incorrect Authorization in Spring Cloud Netflix Zuul Moderate
CVE-2021-22113 was published for org.springframework.cloud:spring-cloud-netflix-zuul (Maven) May 10, 2021
Broken Authentication in Atlassian Connect Spring Boot Moderate
CVE-2021-26074 was published for com.atlassian.connect:atlassian-connect-spring-boot-starter (Maven) May 10, 2021
Encoded URIs can access WEB-INF directory in Eclipse Jetty Moderate
CVE-2021-34429 was published for org.eclipse.jetty:jetty-webapp (Maven) Jul 19, 2021
cangqingzhe lachlan-roberts
Druid ingestion system Authenticated users can read data from other sources than intended Moderate
CVE-2021-26920 was published for org.apache.druid:druid-core (Maven) Aug 13, 2021
Druid ingestion system Authenticated users can read data from other sources than intended Moderate
CVE-2021-36749 was published for org.apache.druid:druid-core (Maven) Sep 27, 2021
Request injection in Spring Cloud Gateway Moderate
CVE-2021-22051 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Nov 10, 2021
Incorrect Authorization in Apache Ozone Moderate
CVE-2021-39234 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Improper Input Validation in Apache Pulsar Moderate
CVE-2021-41571 was published for org.apache.pulsar:pulsar (Maven) Feb 2, 2022
Incorrect Authorization in keycloak Moderate
CVE-2020-1725 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Partial authorization bypass on document save in xwiki-platform Moderate
CVE-2022-23615 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
Incorrect Authorization in Apache Solr Moderate
CVE-2018-11802 was published for org.apache.solr:solr-core (Maven) Feb 9, 2022
Permissions bypass in SmallRye Moderate
CVE-2020-1729 was published for io.smallrye.config:smallrye-config (Maven) Mar 18, 2022
Improper authorization in Keycloak Moderate
CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) Apr 27, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999003 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999004 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2017-2599 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Core Moderate
CVE-2017-2611 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Jira Plugin Incorrect Authorization vulnerability Moderate
CVE-2018-1000412 was published for org.jenkins-ci.plugins:jira (Maven) May 13, 2022
Incorrect Authorization in Undertow Moderate
CVE-2017-12196 was published for io.undertow:undertow-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Git Plugin Moderate
CVE-2018-1000110 was published for org.jenkins-ci.plugins:git (Maven) May 13, 2022
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs Moderate
CVE-2018-1000109 was published for org.jenkins-ci.plugins:google-play-android-publisher (Maven) May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin Moderate
CVE-2018-1000105 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin Moderate
CVE-2018-1000106 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 13, 2022