GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
130 advisories
Filter by severity
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Moderate
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
Alpine allows URL access filter bypass
High
CVE-2022-23553
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27139
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
XWiki programming rights may be inherited by inclusion
Critical
CVE-2024-38369
was published
for
org.xwiki.platform:xwiki-platform-rendering-macro-include
(Maven)
Jun 24, 2024
Ant Media Server does not properly authorize non-administrative API calls
Moderate
CVE-2024-3462
was published
for
io.antmedia:ant-media-server
(Maven)
May 14, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
Apache Geode vulnerable to Incorrect Authorization
High
CVE-2017-15695
was published
for
org.apache.geode:geode-core
(Maven)
May 13, 2022
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25421
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
High
CVE-2018-1258
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
High
CVE-2018-11047
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Incorrect Authorization in Apache Tomcat
High
CVE-2016-6797
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
Moderate
CVE-2018-1000114
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
May 13, 2022
Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
High
CVE-2018-1000197
was published
for
com.blackducksoftware.integration:blackduck-hub
(Maven)
May 13, 2022
Improper authorization vulnerability in Jenkins Mesos Plugin
Moderate
CVE-2018-1000420
was published
for
org.jenkins-ci.plugins:mesos
(Maven)
May 13, 2022
Information leak in Gerrit
Low
CVE-2020-8920
was published
for
com.google.gerrit:gerrit-plugin-api
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
ProTip!
Advisories are also available from the
GraphQL API