Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

175 advisories

Loading
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data Moderate
CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024
oscerd
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds Moderate
CVE-2023-50298 was published for org.apache.solr:solr-solrj (Maven) Feb 9, 2024
DanielRuf
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor Moderate
CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) Dec 6, 2023
Eclipse Vert.x memory leak Moderate
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) Mar 27, 2024
marcelstoer
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
GeoServer's Server Status shows sensitive environmental variables and Java properties Moderate
CVE-2024-34696 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
miceg jodygarnett
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
Possible information disclosure inside TreeGrid component with default data provider Moderate
CVE-2022-29567 was published for com.vaadin:vaadin (Maven) May 25, 2022
SunBK201
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
Keycloak leaks sensitive information in logged exceptions Moderate
CVE-2020-1698 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted Moderate
CVE-2024-31464 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh vlsi
Information Disclosure in Apache Tomcat Moderate
CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2021
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Moderate
CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) May 17, 2022
MarkLee131
Jenkins allows attackers to determine whether a user exists Moderate
CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API Moderate
CVE-2018-19413 was published for org.sonarsource.sonarqube:sonar-plugin-api (Maven) May 14, 2022
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope Moderate
CVE-2018-1322 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Moderate
CVE-2013-4590 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat Allows Replacing of XML Parser Moderate
CVE-2011-2481 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
sunSUNQ
Insertion of Sensitive Information into Log File in Apache Tomcat Moderate
CVE-2011-2204 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat Source Code Disclosure Moderate
CVE-2002-1148 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database