Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Directory traversal in Mort Bay Jetty Moderate
CVE-2009-1523 was published for org.mortbay.jetty:jetty (Maven) May 2, 2022
joshbressers
Improper Input Validation in Spring Framework Moderate
CVE-2020-5421 was published for org.springframework:spring-framework-bom (Maven) Apr 30, 2021
joshbressers
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2021-22137 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
joshbressers
Cross-site request forgery vulnerability in Jenkins Nomad Plugin Moderate
CVE-2019-1003092 was published for org.jenkins-ci.plugins:nomad (Maven) May 13, 2022
joshbressers
Origin Validation Error in Apache Maven Critical
CVE-2021-26291 was published for org.apache.maven:maven-compat (Maven) Jun 16, 2021
joshbressers
Eclipse Jetty Server generates error message containing sensitive information Moderate
CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
joshbressers
Spring Security logout not clearing security context Moderate
CVE-2023-20862 was published for org.springframework.security:spring-security-core (Maven) Apr 19, 2023
joshbressers
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
Apache James MIME4J vulnerable to information disclosure to local users Moderate
CVE-2022-45787 was published for org.apache.james:apache-mime4j-storage (Maven) Jan 6, 2023
joshbressers
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions Low
CVE-2023-0481 was published for io.quarkus.resteasy.reactive:resteasy-reactive-common (Maven) Feb 24, 2023
joshbressers
SmallRye Health UI Cross-site Scripting vulnerability Moderate
CVE-2021-3914 was published for io.smallrye:smallrye-health-ui (Maven) Aug 26, 2022
joshbressers
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database