GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
264 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low
CVE-2018-1284
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Low
CVE-2019-3772
was published
for
org.springframework.integration:spring-integration-ws
(Maven)
Jan 25, 2019
Jenkins allows attackers to obtain sensitive information
Low
CVE-2014-2068
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to obtain the master cryptographic key
Low
CVE-2013-0158
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 5, 2022
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
Apache Tomcat Race Condition vulnerability
Low
CVE-2021-43980
was published
for
org.apache.tomcat:tomcat
(Maven)
Sep 29, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Low
CVE-2013-5679
was published
for
org.owasp.esapi:esapi
(Maven)
May 17, 2022
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low
CVE-2019-10397
was published
for
org.jenkins-ci.plugins:aqua-serverless
(Maven)
May 24, 2022
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Low
CVE-2024-20925
was published
for
org.openjfx:javafx-media
(Maven)
Feb 17, 2024
In Quarkus, git credentials could be inadvertently published
Low
CVE-2024-1979
was published
for
io.quarkus:quarkus-kubernetes-deployment
(Maven)
Mar 13, 2024
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
JADX file override vulnerability
Low
GHSA-hvp5-5x4f-33fq
was published
for
io.github.skylot:jadx-core
(Maven)
Apr 22, 2024
Generation of Error Message Containing Sensitive Information in Keycloak
Low
CVE-2020-1717
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Low
CVE-2024-31573
was published
for
org.xmlunit:xmlunit-core
(Maven)
May 1, 2024
Keycloak DoS via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
Keycloak's improper input validation allows using email as username
Low
GHSA-4vc8-pg5c-vg4x
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Keycloak Denial of Service via account lockout
Low
GHSA-cq42-vhv7-xr7p
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
CVE-2024-34447
was published
for
org.bouncycastle:bcprov-jdk12
(Maven)
May 3, 2024
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Low
CVE-2024-38364
was published
for
org.dspace:dspace-server-webapp
(Maven)
Jun 25, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Low
CVE-2024-5967
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jun 21, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
biscuit-java vulnerable to public key confusion in third party block
Low
CVE-2024-41948
was published
for
org.biscuitsec:biscuit
(Maven)
Jul 31, 2024
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Low
CVE-2024-41172
was published
for
org.apache.cxf:cxf-rt-transports-http
(Maven)
Jul 19, 2024
ProTip!
Advisories are also available from the
GraphQL API