GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
104 advisories
Apache Commons Compress denial of service vulnerability
Moderate: CVE-2023-42503 was published for org.apache.commons:commons-compress (Maven), Sep 14, 2023
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Moderate: CVE-2023-37948 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute (Maven), Jul 12, 2023
Apache Zeppelin Improper Input Validation vulnerability
Moderate: CVE-2021-28655 was published for org.apache.zeppelin:zeppelin (Maven), Jul 6, 2023
Apache Any23 vulnerable to excessive memory usage
Moderate: CVE-2023-34150 was published for org.apache.any23:apache-any23 (Maven), Jul 5, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information
Moderate: CVE-2022-44644 was published for org.apache.linkis:linkis (Maven), Jan 31, 2023
Apache Commons Net vulnerable to information leakage via malicious server
Moderate: CVE-2021-37533 was published for commons-net:commons-net (Maven), Dec 3, 2022
protobuf-java has a potential Denial of Service issue
Moderate: CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems), Oct 4, 2022
Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint
Moderate: CVE-2022-24280 was published for org.apache.pulsar:pulsar (Maven), Sep 25, 2022
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user
Moderate: GHSA-j9xq-j329-2xvg was published for org.keycloak:keycloak-core (Maven), Aug 27, 2022 • withdrawn
Keycloak vulnerable to Improper Certificate Validation
Moderate: CVE-2020-35509 was published for org.keycloak:keycloak-core (Maven), Aug 24, 2022
Lack of type validation in agent related REST API in Jenkins
Moderate: CVE-2021-21639 was published for org.jenkins-ci.main:jenkins-core (Maven), May 24, 2022
Arbitrary file existence check in file fingerprints in Jenkins
Moderate: CVE-2021-21606 was published for org.jenkins-ci.main:jenkins-core (Maven), May 24, 2022
OpenID4Java does not verify that Attribute Exchange (AX) information is signed
Moderate: CVE-2011-4314 was published for org.openid4java:openid4java (Maven), May 17, 2022
XML External Entity Reference in RESTEasy
Moderate: CVE-2014-7839 was published for org.jboss.resteasy:resteasy-jaxrs (Maven), May 17, 2022
Denial of service in Apache Struts
Moderate: CVE-2016-3093 was published for ognl:ognl (Maven), May 17, 2022
Improper Input Validation in Apache ActiveMQ
Moderate: CVE-2015-6524 was published for org.apache.activemq:activemq-broker (Maven), May 17, 2022
Open redirect in Apache Struts
Moderate: CVE-2013-2248 was published for org.apache.struts:struts2-core (Maven), May 17, 2022
Apache Struts vulnerable to possible DoS attack when using URLValidator
Moderate: CVE-2016-4465 was published for org.apache.struts:struts2-core (Maven), May 17, 2022
Improper Input Validation in OpenSymphony XWork
Moderate: CVE-2008-6504 was published for com.opensymphony:xwork (Maven), May 17, 2022
Improper Input Validation in Apache Axis2
Moderate: CVE-2012-5785 was published for org.apache.axis2:axis2 (Maven), May 17, 2022
Improper Input Validation in Apache POI
Moderate: CVE-2014-3574 was published for org.apache.poi:poi (Maven), May 17, 2022
Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
Moderate: CVE-2011-1475 was published for org.apache.tomcat:tomcat (Maven), May 17, 2022
Improper Input Validation in Apache Batik
Moderate: CVE-2015-0250 was published for org.apache.xmlgraphics:batik (Maven), May 17, 2022
Denial of service in Apache Tomcat
Moderate: CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), May 17, 2022
JBoss RichFaces Improper Input Validation vulnerability
Moderate: CVE-2014-0086 was published for org.richfaces:richfaces (Maven), May 17, 2022
ProTip! Advisories are also available from the GraphQL API.