GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Privilege escalation in Strongbox
Moderate
GHSA-mhgm-52vg-pvvc
was published
for
com.schibsted.security:strongbox-sdk
(Maven)
Feb 16, 2023
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
ff4j is vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-44262
was published
for
org.ff4j:ff4j-core
(Maven)
Dec 1, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Critical
CVE-2022-36663
was published
for
org.gluu:oxauth-common
(Maven)
Sep 7, 2022
ZK Framework vulnerable to malicious POST
High
CVE-2022-36537
was published
for
org.zkoss.zk:zk
(Maven)
Aug 27, 2022
Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch
High
CVE-2022-2576
was published
for
org.eclipse.californium:californium-core
(Maven)
Jul 30, 2022
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
XSS vulnerability in Jenkins Gatling Plugin
Moderate
CVE-2020-2173
was published
for
org.jenkins-ci.plugins:gatling
(Maven)
May 24, 2022
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
High
CVE-2019-10476
was published
for
org.jenkins-ci.plugins:zulip
(Maven)
May 24, 2022
OHDSI WebAPI vulnerable to SQL Injection
Critical
CVE-2019-15563
was published
for
org.ohdsi:WebAPI
(Maven)
May 24, 2022
Authentication Bypass in Apache Tomcat
Moderate
CVE-2012-3546
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Infinispan
High
CVE-2017-15089
was published
for
org.infinispan:infinispan-core
(Maven)
May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
High
CVE-2017-7675
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Rundeck Community Edition vulnerable to Cross-site Scripting
Moderate
CVE-2019-6804
was published
for
org.rundeck:rundeck
(Maven)
May 13, 2022
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
Moderate
CVE-2022-0672
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Password exposure in ShenYu
High
CVE-2022-23223
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Cross-site Scripting in Apereo CAS
Moderate
CVE-2021-42567
was published
for
org.apereo.cas:cas-server-core-web
(Maven)
Dec 10, 2021
ProTip!
Advisories are also available from the
GraphQL API