GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,926 advisories

Weak Password Requirements in UnboundID LDAP SDK Critical
CVE-2018-1000134 was published for com.unboundid:unboundid-ldapsdk (Maven) May 13, 2022
Incorrect Authorization in Jenkins Git Plugin Moderate
CVE-2018-1000110 was published for org.jenkins-ci.plugins:git (Maven) May 13, 2022
Improper Input Validation in Apache Tomcat Moderate
CVE-2014-0033 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Apache Geronimo console 1.0 vulnerable to cross-site scripting Moderate
CVE-2006-0254 was published for geronimo:geronimo-console-standard (Maven) May 1, 2022
westonsteimel
Improper Input Validation in Spring AMQP Critical
CVE-2016-2173 was published for org.springframework.amqp:spring-amqp (Maven) May 13, 2022
Improper Input Validation in libpam4j Moderate
CVE-2017-12197 was published for org.kohsuke:libpam4j (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin Low
CVE-2017-2651 was published for org.jenkins-ci.plugins:mailer (Maven) May 13, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins Moderate
CVE-2017-2607 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Policies not properly enforced in OWASP Java HTML Sanitizer Critical
CVE-2021-42575 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) Oct 19, 2021
XStream can cause a Denial of Service Moderate
CVE-2021-39140 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Improper Handling of Length Parameter Inconsistency in Compress High
CVE-2021-35517 was published for org.apache.commons:commons-compress (Maven) Aug 2, 2021
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39145 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Li4n0
XStream is vulnerable to an Arbitrary Code Execution attack High
CVE-2021-39146 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Improper Privilege Management in Apache Hadoop High
CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Undertow Moderate
CVE-2018-14642 was published for io.undertow:undertow-core (Maven) May 13, 2022
Protection Mechanism Failure in Jenkins Script Security Plugin High
CVE-2019-1003000 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Resource Exhaustion in Spring Security High
CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) Jul 2, 2021
Uncontrolled memory consumption Moderate
CVE-2021-31811 was published for org.apache.pdfbox:pdfbox (Maven) Jun 15, 2021
TwitterServer Cross-site Scripting via /histograms endpoint Moderate
CVE-2020-35774 was published for com.twitter:twitter-server_2.12 (Maven) Feb 9, 2022
Improper Input Validation in Jenkins High
CVE-2017-1000394 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Restriction of XML External Entity Reference in Apache FOP High
CVE-2017-5661 was published for org.apache.xmlgraphics:fop (Maven) May 13, 2022
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in Apache uimaj Moderate
CVE-2017-15691 was published for org.apache.uima:uimafit-core (Maven) May 14, 2022
Uncontrolled Resource Consumption in Apache ZooKeeper High
CVE-2017-5637 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
Improper Authorization in Jenkins Moderate
CVE-2018-1000408 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022