Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Quarkus potentially leaks data when duplicating a duplicated context Moderate
CVE-2025-49574 was published for io.quarkus:quarkus-vertx (Maven) Jun 23, 2025
markusdlugi
Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki Moderate
CVE-2025-32783 was published for org.xwiki.platform:xwiki-platform-messagestream (Maven) Apr 16, 2025
Apache Cassandra: unrestricted deserialization of JMX authentication credentials Moderate
CVE-2024-27137 was published for org.apache.cassandra:cassandra-all (Maven) Feb 4, 2025
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents Moderate
CVE-2023-37911 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 25, 2023
Apache InLong: General user can delete and update process Moderate
CVE-2023-34189 was published for org.apache.inlong:inlong-manager (Maven) Jul 25, 2023
Java Merge-sort Insecure Temporary File vulnerability Moderate
CVE-2022-24913 was published for com.fasterxml.util:java-merge-sort (Maven) Jan 12, 2023
Apache James server allows an attacker with local access to access private user data in transit Moderate
CVE-2022-45935 was published for org.apache.james:james-server (Maven) Jan 6, 2023
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh vlsi
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Exposure of Resource to Wrong Sphere in Liferay Portal Moderate
CVE-2021-33330 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2022
Exposure of Resource to Wrong Sphere in Spring Data REST Moderate
CVE-2021-22047 was published for org.springframework.data:spring-data-rest-core (Maven) May 24, 2022
Jenkins JIRA Plugin allows users to select and use credentials with System scope Moderate
CVE-2019-16541 was published for org.jenkins-ci.plugins:jira (Maven) May 24, 2022
Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2019-10365 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
Local Information Disclosure Vulnerability in io.netty:netty-codec-http Moderate
CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022
JLLeitschuh
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin Moderate
CVE-2022-28160 was published for org.jenkins-ci.plugins:selected-tests-executor (Maven) Mar 30, 2022
NotMyFault
Incorrect Authorization in keycloak Moderate
CVE-2020-1725 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Malicious Atomix node queries expose sensitive information Moderate
CVE-2020-35215 was published for io.atomix:atomix (Maven) Dec 17, 2021
Apache Ozone exposes OM, SCM and Datanode metadata Moderate
CVE-2021-41532 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Druid ingestion system Authenticated users can read data from other sources than intended Moderate
CVE-2021-36749 was published for org.apache.druid:druid-core (Maven) Sep 27, 2021
The reset password form reveal users email address Moderate
CVE-2021-32731 was published for org.xwiki.platform:xwiki-platform-web (Maven) Jul 2, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 Moderate
CVE-2021-31412 was published for com.vaadin:vaadin-bom (Maven) Jun 28, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Man-in-the-middle attack in Apache Cassandra Moderate
CVE-2020-13946 was published for org.apache.cassandra:cassandra-all (Maven) May 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database