Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

5,926 advisories

Loading
Missing Authorization in Apache ZooKeeper High
CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java Moderate
CVE-2014-3603 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Denial of service in HtmlUnit-Neko High
CVE-2022-28366 was published for net.sourceforge.htmlunit:neko-htmlunit (Maven) Apr 23, 2022
Integer Overflow or Wraparound in JBCrypt Moderate
CVE-2015-0886 was published for org.mindrot:jbcrypt (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2018-1000169 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Access Control in Apache Derby Moderate
CVE-2018-1313 was published for org.apache.derby:derby (Maven) May 13, 2022
Improper Input Validation in Jenkins High
CVE-2017-1000391 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
OS Command Injection in Jenkins High
CVE-2017-1000393 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2018-17244 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Improper Authentication in Apache Kafka Moderate
CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) May 13, 2022
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT High
CVE-2017-12974 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
Insufficient Session Expiration in Jenkins High
CVE-2019-1003049 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in zt-zip Moderate
CVE-2018-1002201 was published for org.zeroturnaround:zt-zip (Maven) May 13, 2022
Cross-Site Request Forgery in Jenkins Moderate
CVE-2017-2613 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java Low
CVE-2017-3589 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in Apache Batik High
CVE-2017-5662 was published for org.apache.xmlgraphics:batik (Maven) May 13, 2022
Improper Restriction of XML External Entity Reference in Apace Derby Critical
CVE-2015-1832 was published for org.apache.derby:derby (Maven) May 13, 2022
Improper Input Validation in BeanShell High
CVE-2016-2510 was published for org.apache-extras.beanshell:bsh (Maven) May 13, 2022
Cross-site scripting in Apache Struts Low
CVE-2006-1548 was published for struts:struts (Maven) May 1, 2022
Improper Authentication in Mortbay Jetty High
CVE-2007-5614 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Improper Neutralization of Input During Web Page Generation in Apache Hadoop Moderate
CVE-2017-3161 was published for org.apache.hadoop:hadoop-client (Maven) May 13, 2022
Server-Side Request Forgery in Jenkins Moderate
CVE-2018-1000067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Path Traversal in Jenkins High
CVE-2018-1000194 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Injection in Jenkins Moderate
CVE-2018-1000193 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database