GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
265 advisories
Filter by severity
Keycloak DoS via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Low
CVE-2024-20925
was published
for
org.openjfx:javafx-media
(Maven)
Feb 17, 2024
Apache Solr Schema Designer blindly "trusts" all configsets
Low
CVE-2023-50292
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Spring Cloud Contract vulnerable to local information disclosure
Low
CVE-2024-22236
was published
for
org.springframework.cloud:spring-cloud-contract-shade
(Maven)
Jan 31, 2024
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Low
CVE-2024-23903
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
nvdApiKey is logged in debug mode
Low
GHSA-qqhq-8r2c-c3f5
was published
for
org.owasp:dependency-check-ant
(Maven)
Dec 15, 2023
Broken access control in Silverpeas
Low
CVE-2023-47320
was published
for
org.silverpeas.core:silverpeas-core-war
(Maven)
Dec 13, 2023
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Low
CVE-2022-2232
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Nov 29, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Low
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Low
GHSA-72fp-w44g-625q
was published
for
software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
(Maven)
Nov 9, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
Jenkins lambdatest-automation Plugin may expose Credentials access token
Low
CVE-2023-46653
was published
for
org.jenkins-ci.plugins:lambdatest-automation
(Maven)
Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)
Low
CVE-2023-46122
was published
for
org.scala-sbt:io_2.12
(Maven)
Oct 24, 2023
Jenkins temporary uploaded file created with insecure permissions
Low
CVE-2023-43498
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Jenkins temporary uploaded file created with insecure permissions
Low
CVE-2023-43497
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Spring for GraphQL may be exposed to GraphQL context with values from a different session
Low
CVE-2023-34047
was published
for
org.springframework.graphql:spring-graphql
(Maven)
Sep 20, 2023
Jetty's OpenId Revoked authentication allows one request
Low
CVE-2023-41900
was published
for
org.eclipse.jetty:jetty-openid
(Maven)
Sep 15, 2023
Jetty vulnerable to errant command quoting in CGI Servlet
Low
CVE-2023-36479
was published
for
org.eclipse.jetty.ee10:jetty-ee10-servlets
(Maven)
Sep 14, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low
CVE-2023-41329
was published
for
com.github.tomakehurst:wiremock-jre8
(Maven)
Sep 8, 2023
CSRF vulnerability in Jenkins Frugal Testing Plugin
Low
CVE-2023-41946
was published
for
io.jenkins.plugins:frugal-testing
(Maven)
Sep 6, 2023
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Low
CVE-2023-40343
was published
for
io.jenkins.plugins:tuleap-oauth
(Maven)
Aug 16, 2023
ProTip!
Advisories are also available from the
GraphQL API