Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,467
Erlang
33
GitHub Actions
23
Go
2,172
Maven
5,000+
npm
3,832
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
907
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,398 advisories

Loading
Incorrect Authorization in Apache Solr Critical
CVE-2020-13957 was published for org.apache.solr:solr-core (Maven) Feb 10, 2022
kurt-r2c jfposton
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT High
CVE-2025-24813 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Mar 10, 2025
westonsteimel
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
Apache Camel: Camel Message Header Injection via Improper Filtering Moderate
CVE-2025-27636 was published for org.apache.camel:camel-support (Maven) Mar 9, 2025
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection Moderate
CVE-2025-27136 was published for io.github.robothy:local-s3-rest (Maven) Mar 10, 2025
xbow-security
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Apache Linkis DataSource allows arbitrary file reading High
CVE-2023-41916 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd
Spring MVC controller vulnerable to a DoS attack Moderate
CVE-2024-38828 was published for org.springframework:spring-webmvc (Maven) Nov 18, 2024
ayamburg-panw Louis-Jones-Evri
Snowflake JDBC Driver client-side encryption key in DEBUG logs Low
CVE-2025-27496 was published for net.snowflake:snowflake-jdbc (Maven) Mar 13, 2025
Jenkins Zoom Plugin is Missing Password Field Masking Low
CVE-2025-0148 was published for io.jenkins.plugins:zoom (Maven) Feb 4, 2025
Jenkins Zoom Plugin Stores Sensitive Information in Cleartext Moderate
CVE-2025-0142 was published for io.jenkins.plugins:zoom (Maven) Jan 30, 2025
Jenkins SonarQube Plugin Stores Passwords in Cleartext Moderate
CVE-2013-5676 was published for org.jenkins-ci.plugins:sonar (Maven) May 17, 2022
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding Moderate
CVE-2013-6372 was published for org.jenkins-ci.plugins:subversion (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2011-4344 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows Remote Attackers to Hijack Sessions Moderate
CVE-2014-2060 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Vulnerable to Clickjacking Moderate
CVE-2014-2063 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows for Code Execution via Crafted Packet to the CLI Moderate
CVE-2014-3666 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code Moderate
CVE-2014-3667 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows for Privilege Escalation by Remote Authenticated Users Moderate
CVE-2015-1806 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation Moderate
CVE-2015-1810 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2015-1813 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Vulnerable to Denial of Service (DoS) Low
CVE-2015-1808 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows for Privilege Escalation by Remote Authenticated Users Moderate
CVE-2015-1814 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database