GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
8,934 advisories
Filter by severity
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
Moderate
CVE-2019-3797
was published
for
org.springframework.data:spring-data-jpa
(Maven)
May 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Moderate
CVE-2019-3868
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 30, 2019
Information Exposure vulnerability in Eclipse Jetty
Moderate
CVE-2019-10246
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Installation information leak in Eclipse Jetty
Moderate
CVE-2019-10247
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2019-0746
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate
CVE-2018-8024
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
High
CVE-2018-1296
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 12, 2019
Rendertron discloses absolute paths of files
High
CVE-2017-18355
was published
for
rendertron
(npm)
Feb 12, 2019
Exposure of Sensitive Information in Hadoop
Critical
CVE-2017-15718
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-15713
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Exposure of Sensitive Information to an Unauthorized Actor in activestorage
Moderate
CVE-2018-16477
was published
for
activestorage
(RubyGems)
Dec 5, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low
CVE-2018-1284
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
Credential leak in org.apache.directory.api:apache-ldap-api
Critical
CVE-2018-1337
was published
for
org.apache.directory.api:apache-ldap-api
(Maven)
Nov 9, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
Moderate
CVE-2018-1322
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
keycloak-core discloses system properties
Moderate
CVE-2017-2582
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
keycloak-core vulnerable to timing attacks against JWS token verification
Moderate
CVE-2017-2585
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
ProTip!
Advisories are also available from the
GraphQL API