Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
SQL injection in JeecgBoot High
CVE-2024-57606 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Feb 8, 2025
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code Moderate
CVE-2014-3667 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Exposes Sensitive Information from Job Configuration Moderate
CVE-2016-3724 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins Exposes Sensitive Information via API URL Moderate
CVE-2016-3727 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2015-5320 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins allows Unauthorized Viewing of Queue API Information Moderate
CVE-2015-5324 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins has Information Disclosure via Sidepanel Widget Moderate
CVE-2015-5321 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public High
CVE-2025-27604 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files Moderate
CVE-2023-43123 was published for org.apache.storm:storm-core (Maven) Nov 23, 2023
MarkLee131
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
GeoNetwork search end-point information disclosure in response headers Moderate
CVE-2024-32037 was published for org.geonetwork-opensource:gn-services (Maven) Feb 11, 2025
josegar74 jodygarnett
Jenkins discloses project names via fingerprints High
CVE-2015-5317 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext Low
CVE-2025-23215 was published for net.sourceforge.pmd:pmd-core (Maven) Jan 31, 2025
hboutemy
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring High
CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
pat-ryan-health
Exposure of Sensitive Information to an Unauthorized Actor in Concord High
CVE-2020-10591 was published for com.walmartlabs.concord:concord-common (Maven) Feb 10, 2022
binary-1024
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024 withdrawn
Field-level security issue with .keyword fields in OpenSearch Moderate
CVE-2023-23613 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted Moderate
CVE-2024-31464 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Welcome and About GeoServer pages communicate version and revision information Moderate
CVE-2024-35230 was published for org.geoserver.web:gs-web-app (Maven) Dec 16, 2024
jodygarnett
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database