GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
1,932 advisories
Filter by severity
Cross Site Request Forgery in Mingsoft MCMS
High
CVE-2022-27340
was published
for
net.mingsoft:ms-mcms
(Maven)
Apr 23, 2022
XML External Entity Reference in detekt
High
CVE-2022-0272
was published
for
io.gitlab.arturbosch.detekt:detekt-core
(Maven)
Apr 22, 2022
JFinal file validation vulnerability
High
CVE-2019-17352
was published
for
com.jfinal:jfinal
(Maven)
May 25, 2022
RESTEasy 4.5.5.Final in hash flooding
High
CVE-2020-14326
was published
for
org.jboss.resteasy:resteasy-bom
(Maven)
Mar 18, 2022
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
High
CVE-2021-45457
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
ECP SAML binding bypasses authentication flows
High
CVE-2021-3827
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Apr 27, 2022
Improper input validation in Mort Bay Jetty
High
CVE-2009-4611
was published
for
org.mortbay.jetty:jetty
(Maven)
May 2, 2022
Path Traversal in Jenkins
High
CVE-2018-1000194
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authentication in Mortbay Jetty
High
CVE-2007-5614
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Improper Restriction of XML External Entity Reference in Apache Batik
High
CVE-2017-5662
was published
for
org.apache.xmlgraphics:batik
(Maven)
May 13, 2022
Improper Input Validation in BeanShell
High
CVE-2016-2510
was published
for
org.apache-extras.beanshell:bsh
(Maven)
May 13, 2022
Insufficient Session Expiration in Jenkins
High
CVE-2019-1003049
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT
High
CVE-2017-12974
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
Improper Input Validation in Jenkins
High
CVE-2017-1000391
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
OS Command Injection in Jenkins
High
CVE-2017-1000393
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2017-12616
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 14, 2022
Missing Authorization in Apache ZooKeeper
High
CVE-2018-8012
was published
for
org.apache.zookeeper:zookeeper
(Maven)
May 13, 2022
Denial of service in HtmlUnit-Neko
High
CVE-2022-28366
was published
for
net.sourceforge.htmlunit:neko-htmlunit
(Maven)
Apr 23, 2022
Improper Restriction of XML External Entity Reference in PMD
High
CVE-2019-7722
was published
for
net.sourceforge.pmd:pmd-core
(Maven)
May 14, 2022
Incorrect Authorization in Getahead Direct Web Remoting
High
CVE-2007-0184
was published
for
org.directwebremoting:dwr
(Maven)
May 1, 2022
Injection in Jolokia agent
High
CVE-2018-1000130
was published
for
org.jolokia:jolokia-core
(Maven)
May 14, 2022
Improper Input Validation in Apache Hadoop
High
CVE-2017-3162
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 13, 2022
Improper Access Control in Elasticsearch
High
CVE-2019-7611
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
High
CVE-2018-1048
was published
for
org.jboss.eap:wildfly-undertow
(Maven)
May 13, 2022
Insecure Inherited Permissions in Apache Hadoop
High
CVE-2016-6811
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API