GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Incorrect Authorization in Apache Tomcat
High
CVE-2016-6797
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Incorrect Authorization in Getahead Direct Web Remoting
High
CVE-2007-0184
was published
for
org.directwebremoting:dwr
(Maven)
May 1, 2022
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-29047
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Apr 13, 2022
Information Exposure in Apache Tapestry
High
CVE-2021-30638
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Mar 18, 2022
Improper Authorization in org.cometd.oort
High
CVE-2022-24721
was published
for
org.cometd.java:cometd-java-oort
(Maven)
Mar 15, 2022
Incorrect Authorization in WildFly Elytron
High
CVE-2020-1748
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
Improper Privilege Management in Apache Hadoop
High
CVE-2020-9492
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Feb 9, 2022
Improper Authorization in Keycloak
High
CVE-2021-4133
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 6, 2022
Incorrect Authorization in Apache Ozone
High
CVE-2021-39232
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High
CVE-2021-39236
was published
for
org.apache.hadoop:hadoop-ozone-ozone-manager
(Maven)
Nov 23, 2021
Communities and collections administrators can escalate their privilege up to system administrator
High
CVE-2021-41189
was published
for
org.dspace:dspace-api
(Maven)
Nov 1, 2021
Improper Authorization in Google OAuth Client
High
CVE-2020-7692
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Sep 28, 2021
Resource Exhaustion in Spring Security
High
CVE-2021-22119
was published
for
org.springframework.security:spring-security-core
(Maven)
Jul 2, 2021
XWiki users registered with email verification can self re-activate their disabled accounts
High
CVE-2021-32620
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
High
CVE-2018-1258
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API