GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
Moderate
CVE-2023-37911
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 25, 2023
Secret displayed without masking by Chef Identity Plugin
Low
CVE-2023-39155
was published
for
org.jenkins-ci.plugins:chef-identity
(Maven)
Jul 26, 2023
Apache InLong: General user can delete and update process
Moderate
CVE-2023-34189
was published
for
org.apache.inlong:inlong-manager
(Maven)
Jul 25, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31103
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31206
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
XWiki Platform may retrieve email addresses of all users
High
CVE-2023-34467
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Jun 20, 2023
Jeecg P3 Biz Chat allows remote attackers to read arbitrary files
High
CVE-2023-33510
was published
for
org.jeecgframework.p3:jeecg-p3-biz-chat
(Maven)
Jun 7, 2023
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Low
CVE-2023-29203
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
High
CVE-2023-29208
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 12, 2023
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Low
CVE-2023-0481
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive-common
(Maven)
Feb 24, 2023
CodenameOne Pending Intent vulnerability
Critical
CVE-2022-4903
was published
for
com.codenameone:codenameone-core
(Maven)
Feb 10, 2023
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
globalpom-utils has Insecure Temporary File
Critical
CVE-2018-25068
was published
for
com.anrisoftware.globalpom:globalpomutils
(Maven)
Jan 6, 2023
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
High
CVE-2022-21126
was published
for
com.github.samtools:htsjdk
(Maven)
Nov 29, 2022
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
ManyDesigns Portofino subject to creation of insecure temporary file
High
CVE-2022-3952
was published
for
com.manydesigns:portofino
(Maven)
Nov 11, 2022
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
Hardcoded JWT Token in Lin CMS Spring Boot
High
CVE-2022-32430
was published
for
io.github.talelin:lin-cms-core
(Maven)
Jul 22, 2022
Undertow vulnerable to Denial of Service (DoS) attacks
High
CVE-2021-3859
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
ProTip!
Advisories are also available from the
GraphQL API