GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Directory traversal in Mort Bay Jetty
Moderate
CVE-2009-1523
was published
for
org.mortbay.jetty:jetty
(Maven)
May 2, 2022
Improper Input Validation in Spring Framework
Moderate
CVE-2020-5421
was published
for
org.springframework:spring-framework-bom
(Maven)
Apr 30, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate
CVE-2021-22137
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Cross-site request forgery vulnerability in Jenkins Nomad Plugin
Moderate
CVE-2019-1003092
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 13, 2022
Origin Validation Error in Apache Maven
Critical
CVE-2021-26291
was published
for
org.apache.maven:maven-compat
(Maven)
Jun 16, 2021
Secret insertion into debug log in Docker
High
CVE-2019-13509
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Eclipse Jetty Server generates error message containing sensitive information
Moderate
CVE-2018-12536
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
High
CVE-2023-27522
was published
for
uWSGI
(pip)
Mar 7, 2023
pg-native and libpq vulnerable to uncontrolled resource consumption
High
CVE-2022-25852
was published
for
libpq
(npm)
Jun 18, 2022
Spring Security logout not clearing security context
Moderate
CVE-2023-20862
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 19, 2023
Information Disclosure in Guava
Low
CVE-2020-8908
was published
for
com.google.guava:guava
(Maven)
Mar 25, 2021
Apache James MIME4J vulnerable to information disclosure to local users
Moderate
CVE-2022-45787
was published
for
org.apache.james:apache-mime4j-storage
(Maven)
Jan 6, 2023
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Low
CVE-2023-0481
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive-common
(Maven)
Feb 24, 2023
SmallRye Health UI Cross-site Scripting vulnerability
Moderate
CVE-2021-3914
was published
for
io.smallrye:smallrye-health-ui
(Maven)
Aug 26, 2022
stereoscope vulnerable to tar path traversal when processing OCI tar archives
Moderate
CVE-2024-24579
was published
for
github.com/anchore/stereoscope
(Go)
Jan 31, 2024
Calico vulnerable to pod route hijacking
Moderate
CVE-2022-28224
was published
for
github.com/projectcalico/calico
(Go)
Jun 7, 2022
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High
CVE-2023-5044
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
lxml Cross-site Scripting Via Control Characters
Moderate
CVE-2014-3146
was published
for
lxml
(pip)
May 14, 2022
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
ProTip!
Advisories are also available from the
GraphQL API