GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
OpenRefine JDBC Attack Vulnerability
High
CVE-2024-23833
was published
for
org.openrefine:database
(Maven)
Feb 12, 2024
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Alpine allows URL access filter bypass
High
CVE-2022-23553
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27139
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Apache Geode vulnerable to Incorrect Authorization
High
CVE-2017-15695
was published
for
org.apache.geode:geode-core
(Maven)
May 13, 2022
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25421
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
High
CVE-2018-1258
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
High
CVE-2018-11047
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Incorrect Authorization in Apache Tomcat
High
CVE-2016-6797
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
High
CVE-2018-1000197
was published
for
com.blackducksoftware.integration:blackduck-hub
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Core
High
CVE-2023-27899
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Unauthorized view fragment access in Jenkins
High
CVE-2022-34175
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Incorrect Authorization in Jenkins Script Security Plugin
High
CVE-2019-16538
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Velocity execution without script right through tree macro
High
CVE-2023-50732
was published
for
org.xwiki.platform:xwiki-platform-index-tree-macro
(Maven)
Dec 19, 2023
Quarkus HTTP vulnerable to incorrect evaluation of permissions
High
CVE-2023-4853
was published
for
io.quarkus:quarkus-csrf-reactive
(Maven)
Sep 20, 2023
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High
CVE-2021-39236
was published
for
org.apache.hadoop:hadoop-ozone-ozone-manager
(Maven)
Nov 23, 2021
Incorrect Authorization in Apache Ozone
High
CVE-2021-39232
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
High
CVE-2023-35166
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Jun 20, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
High
CVE-2023-30428
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Jul 12, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets
High
CVE-2023-34035
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 18, 2023
ProTip!
Advisories are also available from the
GraphQL API