GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
176 advisories
Apache Derby exposes user and password attributes
Moderate: CVE-2005-4849 was published for org.apache.derby:derby (Maven) on May 1, 2022

Apache Tomcat Discloses MS-DOS Pathname
Moderate: CVE-2005-4703 was published for org.apache.tomcat:tomcat (Maven) on May 1, 2022

Mortbay Jetty Discloses JSP Source Code
Moderate: CVE-2005-3747 was published for org.mortbay.jetty:jetty (Maven) on May 1, 2022

Apache Tomcat Source Code Disclosure
Moderate: CVE-2002-1148 was published for org.apache.tomcat:tomcat (Maven) on Apr 30, 2022

Apache Tomcat Allows Source Disclosure
Moderate: CVE-2001-0590 was published for org.apache.tomcat:tomcat-servlet-api (Maven) on Apr 30, 2022

Jakarta Apache Tomcat Reveals Physical Paths
Moderate: CVE-2000-0759 was published for org.apache.tomcat:tomcat (Maven) on Apr 30, 2022

Metrics exposure in Wildfly
Moderate: CVE-2021-3503 was published for org.wildfly:wildfly-metrics (Maven) on Apr 19, 2022

Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Moderate: CVE-2022-24820 was published for org.xwiki.platform:xwiki-platform-web (Maven) on Apr 8, 2022

Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
Moderate: CVE-2022-0672 was published for org.eclipse.lemminx:lemminx-parent (Maven) on Feb 19, 2022

Apache CXF JMX Integration is vulnerable to a MITM attack
Moderate: CVE-2020-1954 was published for org.apache.cxf:cxf-rt-management (Maven) on Feb 10, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Moderate: CVE-2020-13943 was published for org.apache.tomcat:tomcat-coyote (Maven) on Feb 9, 2022

Credentials bypass in Apache Druid
Moderate: CVE-2020-1958 was published for org.apache.druid:druid (Maven) on Feb 9, 2022

Information exposure in xwiki-platform
Moderate: CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) on Feb 9, 2022

Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate: CVE-2020-1926 was published for org.apache.hive:hive (Maven) on Feb 9, 2022

Unauthorized access to Class instance in Jinjava
Moderate: CVE-2020-12668 was published for com.hubspot.jinjava:jinjava (Maven) on Feb 9, 2022

Hadoop token in temp file visible to all users in Apache Gobblin
Moderate: CVE-2021-36151 was published for org.apache.gobblin:gobblin-core (Maven) on Feb 6, 2022

Apache NiFi Insertion of Sensitive Information into Log File
Moderate: CVE-2020-1928 was published for org.apache.nifi:nifi-parameter (Maven) on Jan 6, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
Moderate: CVE-2021-44145 was published for org.apache.nifi:nifi (Maven) on Jan 5, 2022

Exposure of Sensitive Information in keycloak
Moderate: CVE-2020-1744 was published for org.keycloak:keycloak-core (Maven) on Sep 20, 2021

Incorrect Access Control in Nacos
Moderate: CVE-2020-19676 was published for com.alibaba.nacos:nacos-common (Maven) on Aug 2, 2021

Encoded URIs can access WEB-INF directory in Eclipse Jetty
Moderate: CVE-2021-34429 was published for org.eclipse.jetty:jetty-webapp (Maven) on Jul 19, 2021

The reset password form reveal users email address
Moderate: CVE-2021-32731 was published for org.xwiki.platform:xwiki-platform-web (Maven) on Jul 2, 2021

API information disclosure flaw in Elasticsearch
Moderate: CVE-2021-22135 was published for org.elasticsearch:elasticsearch (Maven) on Jul 2, 2021

Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Moderate: CVE-2021-28169 was published for org.eclipse.jetty:jetty-servlets (Maven) on Jun 10, 2021

Information Disclosure in Apache Tomcat
Moderate: CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on May 13, 2021