GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
137 advisories
Incorrect Authorization in Jenkins
Moderate | CVE-2018-1999003 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022

Incorrect Authorization in Getahead Direct Web Remoting
High | CVE-2007-0184 was published for org.directwebremoting:dwr (Maven) | May 1, 2022

Improper authorization in Keycloak
Moderate | CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) | Apr 27, 2022

Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical | CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) | Apr 26, 2022

Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High | CVE-2022-29047 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) | Apr 13, 2022

Permissions bypass in SmallRye
Moderate | CVE-2020-1729 was published for io.smallrye.config:smallrye-config (Maven) | Mar 18, 2022

Information Exposure in Apache Tapestry
High | CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) | Mar 18, 2022

Improper Authorization in org.cometd.oort
High | CVE-2022-24721 was published for org.cometd.java:cometd-java-oort (Maven) | Mar 15, 2022

Access Control vulnerability within CoreNLP
Critical | CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) | Feb 25, 2022

Incorrect Authorization in WildFly Elytron
High | CVE-2020-1748 was published for org.wildfly.security:wildfly-elytron (Maven) | Feb 15, 2022

Incorrect Authorization in Apache Solr
Critical | CVE-2020-13957 was published for org.apache.solr:solr-parent (Maven) | Feb 10, 2022

Incorrect Authorization in Apache Solr
Moderate | CVE-2018-11802 was published for org.apache.solr:solr-core (Maven) | Feb 9, 2022

Improper Privilege Management in Apache Hadoop
High | CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) | Feb 9, 2022

Partial authorization bypass on document save in xwiki-platform
Moderate | CVE-2022-23615 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) | Feb 9, 2022

Incorrect Authorization in keycloak
Moderate | CVE-2020-1725 was published for org.keycloak:keycloak-parent (Maven) | Feb 9, 2022

Improper Input Validation in Apache Pulsar
Moderate | CVE-2021-41571 was published for org.apache.pulsar:pulsar (Maven) | Feb 2, 2022

Improper Authorization in Keycloak
High | CVE-2021-4133 was published for org.keycloak:keycloak-services (Maven) | Jan 6, 2022

Incorrect Authorization in Apache Ozone
Critical | CVE-2021-39233 was published for org.apache.ozone:ozone-main (Maven) | Nov 23, 2021

Incorrect Authorization in Apache Ozone
High | CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven) | Nov 23, 2021

Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High | CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven) | Nov 23, 2021

Incorrect Authorization in Apache Ozone
Moderate | CVE-2021-39234 was published for org.apache.ozone:ozone-main (Maven) | Nov 23, 2021

Request injection in Spring Cloud Gateway
Moderate | CVE-2021-22051 was published for org.springframework.cloud:spring-cloud-gateway (Maven) | Nov 10, 2021

Communities and collections administrators can escalate their privilege up to system administrator
High | CVE-2021-41189 was published for org.dspace:dspace-api (Maven) | Nov 1, 2021

Improper Authorization in Google OAuth Client
High | CVE-2020-7692 was published for com.google.oauth-client:google-oauth-client (Maven) | Sep 28, 2021

Druid ingestion system Authenticated users can read data from other sources than intended
Moderate | CVE-2021-36749 was published for org.apache.druid:druid-core (Maven) | Sep 27, 2021