Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
Excessive memory allocation Moderate
CVE-2018-12541 was published for io.vertx:vertx-core (Maven) Oct 17, 2018
tdunlap607
Missing authentication in ShenYu High
CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Cross-site Scripting in Apereo CAS Moderate
CVE-2021-42567 was published for org.apereo.cas:cas-server-core-web (Maven) Dec 10, 2021
tdunlap607
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request High
CVE-2017-14949 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
tdunlap607
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location Critical
CVE-2018-12542 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
tdunlap607
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication Critical
CVE-2018-18389 was published for org.neo4j:neo4j-enterprise (Maven) Oct 17, 2018
tdunlap607
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter Critical
CVE-2022-36663 was published for org.gluu:oxauth-common (Maven) Sep 7, 2022
tdunlap607
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10476 was published for org.jenkins-ci.plugins:zulip (Maven) May 24, 2022
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX Moderate
CVE-2022-0672 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
tdunlap607
XSS vulnerability in Jenkins Gatling Plugin Moderate
CVE-2020-2173 was published for org.jenkins-ci.plugins:gatling (Maven) May 24, 2022
NotMyFault tdunlap607
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Rundeck Community Edition vulnerable to Cross-site Scripting Moderate
CVE-2019-6804 was published for org.rundeck:rundeck (Maven) May 13, 2022
tdunlap607
OHDSI WebAPI vulnerable to SQL Injection Critical
CVE-2019-15563 was published for org.ohdsi:WebAPI (Maven) May 24, 2022
tdunlap607
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
GHSA-6hgr-2g6q-3rmc was published for com.vaadin:flow-client (Maven) Apr 22, 2021
tdunlap607
Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch High
CVE-2022-2576 was published for org.eclipse.californium:californium-core (Maven) Jul 30, 2022
tdunlap607
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43570 was published for com.starkbank:starkbank-ecdsa (Maven) Nov 10, 2021
tdunlap607
Missing authentication in ShenYu Critical
CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
ZK Framework vulnerable to malicious POST High
CVE-2022-36537 was published for org.zkoss.zk:zk (Maven) Aug 27, 2022
tdunlap607
Missing Release of Memory after Effective Lifetime in Apache Tika Moderate
CVE-2020-9489 was published for org.apache.tika:tika (Maven) May 7, 2021
tdunlap607
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 Moderate
CVE-2021-33605 was published for com.vaadin:vaadin-checkbox-flow (Maven) Aug 30, 2021
tdunlap607
Authentication Bypass in Apache Tomcat Moderate
CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
tdunlap607
Deserialization of Untrusted Data in Infinispan High
CVE-2017-15089 was published for org.infinispan:infinispan-core (Maven) May 14, 2022
tdunlap607
fabric8 kubernetes-client vulnerable Moderate
CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) Jul 15, 2022
sbenhai tdunlap607
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database