GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical
CVE-2017-5648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
CodenameOne Pending Intent vulnerability
Critical
CVE-2022-4903
was published
for
com.codenameone:codenameone-core
(Maven)
Feb 10, 2023
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Moderate
CVE-2022-20620
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
Jan 13, 2022
Jenkins JIRA Plugin allows users to select and use credentials with System scope
Moderate
CVE-2019-16541
was published
for
org.jenkins-ci.plugins:jira
(Maven)
May 24, 2022
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Low
CVE-2023-0481
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive-common
(Maven)
Feb 24, 2023
Exposure of sensitive information in Apache Ozone
Critical
CVE-2021-39231
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
XWiki Platform may retrieve email addresses of all users
High
CVE-2023-34467
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Jun 20, 2023
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
Secret displayed without masking by Chef Identity Plugin
Low
CVE-2023-39155
was published
for
org.jenkins-ci.plugins:chef-identity
(Maven)
Jul 26, 2023
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
Moderate
CVE-2023-37911
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 25, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31103
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31206
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Jeecg P3 Biz Chat allows remote attackers to read arbitrary files
High
CVE-2023-33510
was published
for
org.jeecgframework.p3:jeecg-p3-biz-chat
(Maven)
Jun 7, 2023
Apache InLong: General user can delete and update process
Moderate
CVE-2023-34189
was published
for
org.apache.inlong:inlong-manager
(Maven)
Jul 25, 2023
globalpom-utils has Insecure Temporary File
Critical
CVE-2018-25068
was published
for
com.anrisoftware.globalpom:globalpomutils
(Maven)
Jan 6, 2023
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28160
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere
Moderate
CVE-2019-10365
was published
for
org.jenkins-ci.plugins:google-kubernetes-engine
(Maven)
May 24, 2022
Druid ingestion system Authenticated users can read data from other sources than intended
Moderate
CVE-2021-36749
was published
for
org.apache.druid:druid-core
(Maven)
Sep 27, 2021
Exposure of Resource to Wrong Sphere in Liferay Portal
Moderate
CVE-2021-33330
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2022
Hardcoded JWT Token in Lin CMS Spring Boot
High
CVE-2022-32430
was published
for
io.github.talelin:lin-cms-core
(Maven)
Jul 22, 2022
ProTip!
Advisories are also available from the
GraphQL API