GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,871 advisories

Insufficiently Protected Credentials in Elasticsearch Moderate
CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Keycloak Missing authentication for critical function Moderate
CVE-2021-20262 was published for org.keycloak:keycloak-core (Maven) Mar 12, 2021
Cross-site scripting (XSS) in Apache Velocity Tools Moderate
CVE-2020-13959 was published for org.apache.velocity.tools:velocity-tools-parent (Maven) Mar 12, 2021
Generated Code Contains Local Information Disclosure Vulnerability Moderate
CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
DOS vulnerability for Quoted Quality CSV headers Moderate
CVE-2020-27223 was published for org.eclipse.jetty:jetty-server (Maven) Mar 10, 2021
trontti bd-mtv
bronallo-bd
Possible request smuggling in HTTP/2 due missing validation Moderate
CVE-2021-21295 was published for io.netty:netty (Maven) Mar 9, 2021
artgon carl-mastrangelo
westonsteimel
NanoHTTPD Cross-site Scripting vulnerability Moderate
CVE-2020-13697 was published for org.nanohttpd:nanohttpd-nanolets (Maven) Feb 25, 2021
Local Information Disclosure Vulnerability in Netty on Unix-Like systems Moderate
CVE-2021-21290 was published for io.netty:netty (Maven) Feb 8, 2021
JLLeitschuh westonsteimel
Cross Site Scripting (XSS) in XWiki Moderate
CVE-2021-3137 was published for org.xwiki.commons:xwiki-commons (Maven) Jan 29, 2021
Server-Side Forgery Request can be activated unmarshalling with XStream Moderate
CVE-2020-26258 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
vulnerability-analyst
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling Moderate
CVE-2020-26259 was published for com.thoughtworks.xstream:xstream (Maven) Dec 21, 2020
MPXJ path Traversal vulnerability Moderate
CVE-2020-35460 was published for net.sf.mpxj:mpxj (Maven) Dec 18, 2020
Information Disclosure in Apache Groovy Moderate
CVE-2020-17521 was published for org.codehaus.groovy:groovy (Maven) Dec 9, 2020
SebGondron
Buffer not correctly recycled in Gzip Request inflation Moderate
CVE-2020-27218 was published for org.eclipse.jetty:jetty-server (Maven) Dec 2, 2020
easbar karussell
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
Sensitive Data Exposure in Apache Ant Moderate
CVE-2020-1945 was published for org.apache.ant:ant (Maven) Sep 14, 2020
Cross-Site Scripting in jquery Moderate
CVE-2012-6708 was published for jQuery (RubyGems) Sep 1, 2020
klaudialax
CSRF in Play Framework Moderate
CVE-2020-12480 was published for com.typesafe.play:play_2.12 (Maven) Aug 18, 2020
SQL Injection in Kylin Moderate
CVE-2020-1937 was published for org.apache.kylin:kylin-server-base (Maven) Jul 27, 2020
Directory traversal in Apache RocketMQ Moderate
CVE-2019-17572 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 1, 2020
Privilege escalation in mysql-connector-jav Moderate
CVE-2019-2692 was published for mysql:mysql-connector-java (Maven) Jul 1, 2020