GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

193 advisories

Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password Moderate
CVE-2021-29043 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for org.apache.iotdb:node-commons (Maven) May 14, 2025
Liferay Portal and Liferay DXP Fails to Sanitize API Data Moderate
CVE-2020-13444 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens Moderate
CVE-2022-31684 was published for io.projectreactor.netty:reactor-netty-http (Maven) Oct 20, 2022
Apache Wicket allows attackers to check for third-party libraries Moderate
CVE-2014-0043 was published for org.apache.wicket:wicket-core (Maven) May 17, 2022
Apache Tomcat Mishandles Character Sequence in Cookies Moderate
CVE-2007-3385 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat Reveals Directories Moderate
CVE-2006-3835 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat Reveals Path through Long URL Moderate
CVE-2001-0917 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code Moderate
CVE-2014-3667 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Exposes Sensitive Information from Job Configuration Moderate
CVE-2016-3724 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins Exposes Sensitive Information via API URL Moderate
CVE-2016-3727 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2015-5320 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins allows Unauthorized Viewing of Queue API Information Moderate
CVE-2015-5324 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins has Information Disclosure via Sidepanel Widget Moderate
CVE-2015-5321 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files Moderate
CVE-2023-43123 was published for org.apache.storm:storm-core (Maven) Nov 23, 2023
MarkLee131
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
GeoNetwork search end-point information disclosure in response headers Moderate
CVE-2024-32037 was published for org.geonetwork-opensource:gn-services (Maven) Feb 11, 2025
josegar74 jodygarnett
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
pat-ryan-health
Field-level security issue with .keyword fields in OpenSearch Moderate
CVE-2023-23613 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted Moderate
CVE-2024-31464 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
Welcome and About GeoServer pages communicate version and revision information Moderate
CVE-2024-35230 was published for org.geoserver.web:gs-web-app (Maven) Dec 16, 2024
jodygarnett
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024