Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

65 advisories

Loading
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy High
CVE-2017-9735 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2021-25122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario High
CVE-2021-40690 was published for org.apache.santuario:xmlsec (Maven) Sep 20, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak High
CVE-2020-1940 was published for org.apache.jackrabbit:oak-core (Maven) Dec 10, 2021
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
Insertion of Sensitive Information into Log File in Apache NiFi High
CVE-2020-1942 was published for org.apache.nifi:nifi-framework-core (Maven) Jan 6, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Concord High
CVE-2020-10591 was published for com.walmartlabs.concord.docker:concord-common (Maven) Feb 10, 2022
Information Exposure in Apache Tapestry High
CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) Mar 18, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched High
CVE-2012-1094 was published for org.jboss.as:jboss-as-server (Maven) Apr 23, 2022
Apache Tomcat Source Code Disclosure High
CVE-2002-1394 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Apache Tomcat allows remote attackers to read JSP source files High
CVE-2005-4836 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch High
CVE-2018-3831 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Apache Wicket Sensitive Data Exposure High
CVE-2014-3526 was published for org.apache.wicket:wicket-core (Maven) May 13, 2022
CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials High
CVE-2018-1000603 was published for org.jenkins-ci.plugins:openstack-cloud (Maven) May 13, 2022
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials High
CVE-2018-1000600 was published for com.coravy.hudson.plugins.github:github (Maven) May 13, 2022
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks High
CVE-2018-1999028 was published for org.jenkins-ci.plugins:accurev (Maven) May 13, 2022
Exposure of Sensitive Information in Jenkins Kubernetes Plugin High
CVE-2018-1999040 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 13, 2022
Apache Geode OQL method invocation vulnerability High
CVE-2017-9795 was published for org.apache.geode:geode-core (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database