GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Nimbus JOSE+JWT missing overflow check
High
CVE-2017-12972
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
Insufficient Data Verification in io.really:jwt-scala
Moderate
CVE-2017-10862
was published
for
io.really:jwt-scala
(Maven)
May 17, 2022
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate
CVE-2019-3875
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 27, 2019
Denial of Service in SheetJS Pro
Moderate
CVE-2021-32014
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Insufficient Verification of Data Authenticity in Apache InLong
Moderate
CVE-2023-43666
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
Graylog vulnerable to insecure source port usage for DNS queries
Low
CVE-2023-41045
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
Keycloak vulnerable to user impersonation via stolen UUID code
High
CVE-2023-0264
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 2, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate
CVE-2023-32993
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7398
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7397
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Spring Security vulnerable to Authorization Bypass
High
CVE-2018-15801
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 20, 2018
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
High
CVE-2023-6236
was published
for
org.wildfly.security:wildfly-elytron-http-oidc
(Maven)
Apr 10, 2024
ProTip!
Advisories are also available from the
GraphQL API