GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
61 advisories
Improper Authentication in Apache Qpid
Severity: Moderate. CVE-2012-4446 was published for org.apache.qpid:qpid-client (Maven) on May 17, 2022.

Improper Authentication in OpenSAML
Severity: Moderate. CVE-2011-1411 was published for org.opensaml:opensaml (Maven) on May 17, 2022.

Jenkins does not invalidate the API token when a user is deleted
Severity: Moderate. CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 17, 2022.

Jenkins session fixation vulnerability
Severity: Moderate. CVE-2014-2066 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 17, 2022.

Improper Authentication in Apache ActiveMQ
Severity: Moderate. CVE-2013-3060 was published for org.apache.activemq:activemq-client (Maven) on May 17, 2022.

Apache Hadoop allows impersonation of arbitrary cluster user accounts
Severity: Moderate. CVE-2012-1574 was published for org.apache.hadoop:hadoop-main (Maven) on May 17, 2022.

Improper Authentication in Apache Hadoop
Severity: Moderate. CVE-2014-0229 was published for org.apache.hadoop:hadoop-common (Maven) on May 17, 2022.

Apache QPID Allows Remote Authentication Bypass
Severity: Moderate. CVE-2012-3467 was published for org.apache.qpid:qpid-parent (Maven) on May 17, 2022.

Improper Authentication in Apache Tomcat
Severity: Moderate. CVE-2012-5887 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

Improper Authentication in Apache Tomcat
Severity: Moderate. CVE-2012-5886 was published for org.apache.tomcat:tomcat-catalina (Maven) on May 17, 2022.

Authentication Bypass in Apache Tomcat
Severity: Moderate. CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022.

Improper Authentication in Hibernate Validator
Severity: Moderate. CVE-2014-3558 was published for org.hibernate:hibernate-validator (Maven) on May 14, 2022.

Improper Authentication in Apache Tomcat
Severity: Moderate. CVE-2011-5063 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Improper Authentication in Apache Tomcat
Severity: Moderate. CVE-2011-5062 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Improper Authentication in Apache Tomcat
Severity: Moderate. CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Improper Authentication in Jenkins
Severity: Moderate. CVE-2018-1999045 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022.

Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
Severity: Moderate. CVE-2018-1286 was published for org.apache.openmeetings:openmeetings-parent (Maven) on May 13, 2022.

Improper Authentication in Jenkins Blue Ocean Plugin
Severity: Moderate. CVE-2017-1000110 was published for io.jenkins.blueocean:blueocean (Maven) on May 13, 2022.

Improper Authentication in Jenkins
Severity: Moderate. CVE-2017-2604 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022.

Infinispan Rest API Does Not Enforce Auth Constraints
Severity: Moderate. CVE-2017-2638 was published for org.infinispan:infinispan-server-core (Maven) on May 13, 2022.

Improper Authentication in Apache Kafka
Severity: Moderate. CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) on May 13, 2022.

Improper Authentication in Apache CXF
Severity: Moderate. CVE-2012-2378 was published for org.apache.cxf:cxf (Maven) on May 13, 2022.

Improper Authentication in Apache CXF
Severity: Moderate. CVE-2012-5633 was published for org.apache.cxf:cxf (Maven) on May 13, 2022.

Improper Authentication in Apache WSS4J
Severity: Moderate. CVE-2014-3623 was published for org.apache.ws.security:wss4j (Maven) on May 13, 2022.

Improper Authentication in Apache Axis2
Severity: Moderate. CVE-2012-5351 was published for org.apache.axis2:axis2 (Maven) on May 13, 2022.