Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

273 advisories

Loading
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
Apache Atlas produces Stack trace in error response High
CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data Moderate
CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024
oscerd
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds Moderate
CVE-2023-50298 was published for org.apache.solr:solr-solrj (Maven) Feb 9, 2024
DanielRuf
Apache Sling Authentication Service vulnerability High
CVE-2017-15700 was published for org.apache.sling:org.apache.sling.auth.core (Maven) May 14, 2022
oscerd
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor Moderate
CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) Dec 6, 2023
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) Jun 10, 2024
mschallar
Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
GHSA-4vrx-8phj-x3mg was published for org.keycloak:keycloak-services (Maven) Jun 3, 2024 withdrawn
Eclipse Vert.x memory leak Moderate
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) Mar 27, 2024
marcelstoer
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Password exposure in H2 Database High
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
mrjonstrong pjfanning
amita-seal
GeoServer's Server Status shows sensitive environmental variables and Java properties Moderate
CVE-2024-34696 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
miceg jodygarnett
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
Possible information disclosure inside TreeGrid component with default data provider Moderate
CVE-2022-29567 was published for com.vaadin:vaadin (Maven) May 25, 2022
SunBK201
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
Quarkus OIDC can leak both ID and access tokens High
CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven) Oct 4, 2023
Keycloak leaks sensitive information in logged exceptions Moderate
CVE-2020-1698 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Credential leak in org.apache.directory.api:apache-ldap-api Critical
CVE-2018-1337 was published for org.apache.directory.api:apache-ldap-api (Maven) Nov 9, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database