GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Issuer validation regression in Spring Cloud SSO Connector
High
CVE-2018-1256
was published
for
io.pivotal.spring.cloud:spring-cloud-sso-connector
(Maven)
May 13, 2022
Denial of service in Apache Tomcat
Moderate
CVE-2014-0095
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 17, 2022
Shell command injection in Liferay Portal
High
CVE-2010-5327
was published
for
com.liferay.portal:portal-impl
(Maven)
May 17, 2022
Information leak in Gerrit
Low
CVE-2020-8920
was published
for
com.google.gerrit:gerrit-plugin-api
(Maven)
May 24, 2022
Elasticsearch subject to cross site scripting
Moderate
CVE-2018-3824
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
XML External Entity Reference in weixin-java-tools
Critical
CVE-2019-5312
was published
for
com.github.binarywang:weixin-java-common
(Maven)
May 14, 2022
Cross-site Scripting in Pivotal Spring Batch Admin
Moderate
CVE-2018-1229
was published
for
org.springframework.batch:spring-batch-admin-manager
(Maven)
May 13, 2022
Apache Rave information disclosure vulnerability
Moderate
CVE-2013-1814
was published
for
org.apache.rave:rave-core
(Maven)
May 17, 2022
Jenkins build-metrics Plugin reflected cross-site scripting vulnerability
Moderate
CVE-2019-10475
was published
for
org.jenkins-ci.plugins:build-metrics
(Maven)
May 24, 2022
Jenkins Black Duck Detect Plugin information exposure vulnerability
Moderate
CVE-2018-1000191
was published
for
com.synopsys.integration:synopsys-detect
(Maven)
May 14, 2022
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials
Moderate
CVE-2018-1000057
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
May 13, 2022
Cross-Site Request Forgery in Apache CXF Fediz
High
CVE-2017-7662
was published
for
org.apache.cxf.fediz:fediz-oidc
(Maven)
May 13, 2022
MitM on Jenkins Maven Plugin
Moderate
CVE-2017-1000397
was published
for
org.jenkins-ci.main:maven-plugin
(Maven)
May 14, 2022
Code injection via property expansion in SoapUI
High
CVE-2014-1202
was published
for
com.smartbear.soapui:soapui
(Maven)
May 17, 2022
User confusion in IronJacamar
Moderate
CVE-2012-3428
was published
for
org.jboss.ironjacamar:ironjacamar-jdbc
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API