GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Excessive memory allocation
Moderate
CVE-2018-12541
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
Cross-site Scripting in Apereo CAS
Moderate
CVE-2021-42567
was published
for
org.apereo.cas:cas-server-core-web
(Maven)
Dec 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
Moderate
CVE-2022-0672
was published
for
org.eclipse.lemminx:lemminx-parent
(Maven)
Feb 19, 2022
XSS vulnerability in Jenkins Gatling Plugin
Moderate
CVE-2020-2173
was published
for
org.jenkins-ci.plugins:gatling
(Maven)
May 24, 2022
Privilege escalation in Strongbox
Moderate
GHSA-mhgm-52vg-pvvc
was published
for
com.schibsted.security:strongbox-sdk
(Maven)
Feb 16, 2023
Rundeck Community Edition vulnerable to Cross-site Scripting
Moderate
CVE-2019-6804
was published
for
org.rundeck:rundeck
(Maven)
May 13, 2022
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
GHSA-6hgr-2g6q-3rmc
was published
for
com.vaadin:flow-client
(Maven)
Apr 22, 2021
Missing Release of Memory after Effective Lifetime in Apache Tika
Moderate
CVE-2020-9489
was published
for
org.apache.tika:tika
(Maven)
May 7, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Moderate
CVE-2021-33605
was published
for
com.vaadin:vaadin-checkbox-flow
(Maven)
Aug 30, 2021
Authentication Bypass in Apache Tomcat
Moderate
CVE-2012-3546
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API