Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
Apache Sling Authentication Service vulnerability High
CVE-2017-15700 was published for org.apache.sling:org.apache.sling.auth.core (Maven) May 14, 2022
oscerd
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure High
CVE-2014-4991 was published for codders-dataset (RubyGems) May 14, 2022
jasnow
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file High
CVE-2014-4995 was published for VladTheEnterprising (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
Apache Geode gfsh authorization vulnerability High
CVE-2017-12622 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load High
CVE-2012-3353 was published for org.apache.sling:org.apache.sling.jcr.contentloader (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt High
CVE-2014-9970 was published for org.jasypt:jasypt (Maven) May 14, 2022
Cloud Foundry UAA SessionID present in Audit Event Logs High
CVE-2018-1192 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Apache Geode configuration request authorization vulnerability High
CVE-2017-15696 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Drupal Comment reply form allows access to restricted content High
CVE-2017-6926 was published for drupal/core (Composer) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post High
CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 14, 2022
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file High
CVE-2016-2164 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
LFI in PHP-Proxy 5.1.0 High
CVE-2018-19246 was published for athlon1600/php-proxy (Composer) May 14, 2022
Exposure of Sensitive Information in System.Net.Http High
CVE-2019-0545 was published for Microsoft.NETCore.App (NuGet) May 14, 2022
Exposure of Sensitive Information in Apache Pluto High
CVE-2018-1306 was published for org.apache.portals.pluto:pluto-container (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-5647 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
kurt-r2c sunSUNQ
r3kumar
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-12616 was published for org.apache.tomcat:tomcat-catalina (Maven) May 14, 2022
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins High
CVE-2018-1000410 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database