GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
176 advisories
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
Moderate: CVE-2011-3375 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
Moderate: CVE-2012-5055 was published for org.springframework.security:spring-security-core (Maven) on May 17, 2022
Apache Rave information disclosure vulnerability
Moderate: CVE-2013-1814 was published for org.apache.rave:rave-core (Maven) on May 17, 2022
Eucalyptus Unauthorized Access to CC/NC Log Files
Moderate: CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) on May 17, 2022
Apache Shindig PHP Sensitive Information Disclosure
Moderate: CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven) on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Moderate: CVE-2013-4112 was published for org.jgroups:jgroups (Maven) on May 17, 2022
Jenkins allows attackers to determine whether a user exists
Moderate: CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate: CVE-2014-3662 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate: CVE-2014-3680 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate: CVE-2016-6345 was published for org.jboss.resteasy:resteasy-client (Maven) on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting
Moderate: CVE-2014-5325 was published for org.directwebremoting:dwr (Maven) on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Moderate: CVE-2015-1776 was published for org.apache.hadoop:hadoop-common (Maven) on May 17, 2022
Apache Ambari reveals administrator passwords
Moderate: CVE-2016-4976 was published for org.apache.ambari:ambari (Maven) on May 17, 2022
Apache Tomcat Allows Replacing of XML Parser
Moderate: CVE-2011-2481 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate: CVE-2011-5245 was published for org.jboss.resteasy:resteasy-jaxb-provider (Maven) on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate: CVE-2012-0818 was published for org.jboss.resteasy:resteasy-client (Maven) on May 17, 2022
Apache Geode gfsh query vulnerability
Moderate: CVE-2017-9794 was published for org.apache.geode:geode-core (Maven) on May 17, 2022
Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
Moderate: CVE-2017-1000094 was published for org.jenkins-ci.plugins:docker-commons (Maven) on May 17, 2022
Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
Moderate: CVE-2017-1000087 was published for org.jenkins-ci.plugins:github-branch-source (Maven) on May 17, 2022
Exposure of Sensitive Information in Jenkins Core
Moderate: CVE-2016-0790 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022
Exposure of Sensitive Information in Jenkins Core
Moderate: CVE-2016-3723 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022
Apache Geode OQL bind parameter vulnerability
Moderate: CVE-2017-9796 was published for org.apache.geode:geode-core (Maven) on May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
Moderate: CVE-2017-1000505 was published for org.jenkins-ci.plugins:script-security (Maven) on May 14, 2022
Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
Moderate: CVE-2018-1000147 was published for org.jvnet.hudson.plugins:perforce (Maven) on May 14, 2022
Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials
Moderate: CVE-2018-1000142 was published for org.jenkins-ci.plugins:ghprb (Maven) on May 14, 2022
ProTip! Advisories are also available from the GraphQL API.