GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
High
CVE-2021-31407
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
High
CVE-2021-22044
was published
for
org.springframework.cloud:spring-cloud-openfeign-core
(Maven)
May 24, 2022
Exposure of Resource to Wrong Sphere in Spring Data REST
Moderate
CVE-2021-22047
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
May 24, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
High
CVE-2022-21126
was published
for
com.github.samtools:htsjdk
(Maven)
Nov 29, 2022
Undertow vulnerable to Denial of Service (DoS) attacks
High
CVE-2021-3859
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
ManyDesigns Portofino subject to creation of insecure temporary file
High
CVE-2022-3952
was published
for
com.manydesigns:portofino
(Maven)
Nov 11, 2022
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate
CVE-2021-31412
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
Arbitrary code execution in Apache Druid
High
CVE-2021-26919
was published
for
org.apache.druid:druid
(Maven)
Jun 16, 2021
The reset password form reveal users email address
Moderate
CVE-2021-32731
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jul 2, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Arbitrary filesystem write access from velocity.
High
CVE-2022-24897
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 28, 2022
Apache Ozone exposes OM, SCM and Datanode metadata
Moderate
CVE-2021-41532
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
Sensitive Data Exposure in Apache Ant
Moderate
CVE-2020-1945
was published
for
org.apache.ant:ant
(Maven)
Sep 14, 2020
Exposure of class information in RESTEasy
Moderate
CVE-2021-20289
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Apr 7, 2021
Incorrect Authorization in keycloak
Moderate
CVE-2020-1725
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Man-in-the-middle attack in Apache Cassandra
Moderate
CVE-2020-13946
was published
for
org.apache.cassandra:cassandra-all
(Maven)
May 7, 2021
Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search
Critical
CVE-2021-23264
was published
for
org.craftercms:crafter-search
(Maven)
Dec 16, 2021
Malicious Atomix node queries expose sensitive information
Moderate
CVE-2020-35215
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
High
CVE-2023-29208
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 12, 2023
ProTip!
Advisories are also available from the
GraphQL API