GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
137 advisories
Filter by severity
Keycloak has lack of validation of access token on client registrations endpoint
Moderate
CVE-2023-0091
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 12, 2023
Incorrect Authorization in WildFly Elytron
High
CVE-2020-1748
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
Improper Authorization in org.cometd.oort
High
CVE-2022-24721
was published
for
org.cometd.java:cometd-java-oort
(Maven)
Mar 15, 2022
Incorrect Authorization in Getahead Direct Web Remoting
High
CVE-2007-0184
was published
for
org.directwebremoting:dwr
(Maven)
May 1, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2017-2599
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Undertow
Moderate
CVE-2017-12196
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2018-1999047
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Privilege Management in Apache Hadoop
High
CVE-2020-9492
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Feb 9, 2022
Resource Exhaustion in Spring Security
High
CVE-2021-22119
was published
for
org.springframework.security:spring-security-core
(Maven)
Jul 2, 2021
Incorrect Authorization in Jenkins Git Plugin
Moderate
CVE-2018-1000110
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 13, 2022
Encoded URIs can access WEB-INF directory in Eclipse Jetty
Moderate
CVE-2021-34429
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Jul 19, 2021
Incorrect Authorization in MySQL Connector Java
Moderate
CVE-2021-2471
was published
for
mysql:mysql-connector-java
(Maven)
May 24, 2022
Improper Authorization in Apache Shiro
Critical
CVE-2022-32532
was published
for
org.apache.shiro:shiro-core
(Maven)
Jun 30, 2022
NT auth module vulnerability in OpenAM
Moderate
CVE-2022-34298
was published
for
org.openidentityplatform.openam:openam-core
(Maven)
Jun 24, 2022
XWiki users registered with email verification can self re-activate their disabled accounts
High
CVE-2021-32620
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-29047
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Apr 13, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34814
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Incorrect Authorization in Jenkins requests-plugin
Moderate
CVE-2022-34782
was published
for
org.jenkins-ci.plugins:requests
(Maven)
Jul 1, 2022
Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin
High
CVE-2020-2228
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-22134
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Information Exposure in Apache Tapestry
High
CVE-2021-30638
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Mar 18, 2022
Improper authorization in Keycloak
Moderate
CVE-2022-1466
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 27, 2022
Incorrect Authorization in Jenkins Core
Moderate
CVE-2016-3722
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Incorrect Authorization in Jenkins Core
Moderate
CVE-2017-2611
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API