Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024
Graylog concurrent PDF report rendering can leak other users' reports High
CVE-2024-52506 was published for org.graylog:graylog-parent (Maven) Nov 18, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) Jun 10, 2024
mschallar
Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
GHSA-4vrx-8phj-x3mg was published for org.keycloak:keycloak-services (Maven) Jun 3, 2024 withdrawn
Liferay Portal vulnerable to user impersonation High
CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Apache DolphinScheduler sensitive information disclosure High
CVE-2023-48796 was published for apache-dolphinscheduler (Maven) Nov 24, 2023
Quarkus OIDC can leak both ID and access tokens High
CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven) Oct 4, 2023
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer High
CVE-2023-29517 was published for org.xwiki.platform:xwiki-platform-office-viewer (Maven) Apr 20, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor High
CVE-2023-26476 was published for org.xwiki.platform:xwiki-platform-livetable-ui (Maven) Mar 3, 2023
Apache CXF vulnerable to Exposure of Sensitive Information High
CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
pavelarnost
Password exposure in H2 Database High
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
mrjonstrong pjfanning
amita-seal
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user High
CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven) Nov 15, 2022
ZK Framework vulnerable to malicious POST High
CVE-2022-36537 was published for org.zkoss.zk:zk (Maven) Aug 27, 2022
tdunlap607
xxl-job sensitive data exposure High
CVE-2020-23811 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
Improper Input Validation in Undertow High
CVE-2020-1757 was published for io.undertow:undertow-core (Maven) May 24, 2022
yawkat
Exposure of Sensitive Information in Apache Storm Logviewer High
CVE-2019-0202 was published for org.apache.storm:storm-core (Maven) May 24, 2022
Apache Geode information disclosure vulnerability High
CVE-2017-5649 was published for org.apache.geode:geode-core (Maven) May 17, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace High
CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java High
CVE-2016-8741 was published for org.apache.qpid:qpid-broker (Maven) May 17, 2022
The Undertow module of WildFly allows source code disclosure High
CVE-2015-3198 was published for org.wildfly:wildfly-parent (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database