GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

265 advisories

Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin Low
CVE-2022-25186 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin Low
CVE-2022-25210 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Feb 16, 2022
NotMyFault
Data Amplification in Play Framework Low
CVE-2020-28923 was published for com.typesafe.play:play (Maven) Feb 9, 2022
Generation of Error Message Containing Sensitive Information in Keycloak Low
CVE-2020-1717 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin Low
CVE-2022-23106 was published for io.jenkins:configuration-as-code (Maven) Jan 21, 2022
NotMyFault westonsteimel
Password stored in plain text by Jenkins Publish Over SSH Plugin Low
CVE-2022-23114 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault MarkLee131
Cross-site scripting in Apache Syncope EndUser Low
CVE-2019-17557 was published for org.apache.syncope.client:syncope-client-enduser (Maven) Jan 6, 2022
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 Low
CVE-2021-33604 was published for com.vaadin:vaadin-bom (Maven) Jun 28, 2021
Reflected cross-site scripting in development mode handler in Vaadin Low
GHSA-8vfw-v2jv-9hwc was published for com.vaadin:flow-server (Maven) Jun 28, 2021
SessionListener can prevent a session from being invalidated breaking logout Low
CVE-2021-34428 was published for org.eclipse.jetty:jetty-server (Maven) Jun 23, 2021
rmannibucau stephenc
Insecure temporary file used in com.squareup:connect Low
CVE-2021-23331 was published for com.squareup:connect (Maven) Jun 16, 2021
Cross-site Scripting in Wildfly Low
CVE-2021-3536 was published for org.wildfly:wildfly-parent (Maven) May 25, 2021
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 Low
CVE-2018-25007 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 Low
GHSA-3h5r-928v-mxhh was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
Directory exposure in jetty Low
CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) Apr 6, 2021
svarovski
Discovery uses the same AES/GCM Nonce throughout the session Low
GHSA-w3hj-wr2q-x83g was published for tech.pegasys.discovery:discovery (Maven) Apr 6, 2021
asanso
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro Low
CVE-2021-21379 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Mar 23, 2021
Privilege Context Switching Error in Elasticsearch Low
CVE-2020-7020 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory Low
CVE-2021-21363 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Local Information Disclosure Vulnerability Low
CVE-2021-21331 was published for com.datadoghq:datadog-api-client (Maven) Mar 3, 2021
JLLeitschuh oliverchang
Unencrypted passwords Low
GHSA-q594-2475-8v9f was published for org.apache.nifi:nifi-standard-processors (Maven) Feb 24, 2021 withdrawn