Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

66 advisories

Loading
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Apache DolphinScheduler sensitive information disclosure High
CVE-2023-48796 was published for apache-dolphinscheduler (Maven) Nov 24, 2023
Graylog concurrent PDF report rendering can leak other users' reports High
CVE-2024-52506 was published for org.graylog:graylog-parent (Maven) Nov 18, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Liferay Portal vulnerable to user impersonation High
CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Apache Atlas produces Stack trace in error response High
CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Apache Sling Authentication Service vulnerability High
CVE-2017-15700 was published for org.apache.sling:org.apache.sling.auth.core (Maven) May 14, 2022
oscerd
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) Jun 10, 2024
mschallar
Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
GHSA-4vrx-8phj-x3mg was published for org.keycloak:keycloak-services (Maven) Jun 3, 2024 withdrawn
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Password exposure in H2 Database High
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
mrjonstrong pjfanning
amita-seal
Quarkus OIDC can leak both ID and access tokens High
CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven) Oct 4, 2023
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-5647 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
kurt-r2c sunSUNQ
r3kumar
Cloud Foundry UAA SessionID present in Audit Event Logs High
CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Apache Tomcat Source Code Disclosure High
CVE-2002-1394 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks High
CVE-2018-1999028 was published for org.jenkins-ci.plugins:accurev (Maven) May 13, 2022
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins High
CVE-2018-1000410 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information in Jenkins Kubernetes Plugin High
CVE-2018-1999040 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) May 13, 2022
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials High
CVE-2018-1000600 was published for com.coravy.hudson.plugins.github:github (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API