GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
290 advisories
OpenCMS Cross-Site Scripting vulnerability
Low | CVE-2024-42699 was published for org.opencms:opencms-core (Maven) | Apr 21, 2025
Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type
Low | CVE-2025-27427 was published for org.apache.activemq:artemis-server (Maven) | Apr 1, 2025
Apache Kylin Code Injection via JDBC Configuration Alteration
Low | CVE-2025-30067 was published for org.apache.kylin:kylin (Maven) | Mar 27, 2025
Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint
Low | CVE-2024-48944 was published for org.apache.kylin:kylin-common-server (Maven) | Mar 27, 2025
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys
Low | CVE-2025-30197 was published for io.jenkins.plugins:zohoqengine (Maven) | Mar 19, 2025
Apache Seata Vulnerable to Data Amplification
Low | CVE-2024-54016 was published for org.apache.seata:seata-parent (Maven) | Mar 20, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data
Low | CVE-2024-47552 was published for org.apache.seata:seata-config-core (Maven) | Mar 20, 2025
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low | CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) | Sep 26, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Low | CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) | Sep 17, 2024
Snowflake JDBC Driver client-side encryption key in DEBUG logs
Low | CVE-2025-27496 was published for net.snowflake:snowflake-jdbc (Maven) | Mar 13, 2025
Jenkins Zoom Plugin is Missing Password Field Masking
Low | CVE-2025-0148 was published for io.jenkins.plugins:zoom (Maven) | Feb 4, 2025
Jenkins allows Cross-Site Scripting (XSS)
Low | CVE-2011-4344 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins allows Cross-Site Scripting (XSS)
Low | CVE-2015-1813 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins Vulnerable to Denial of Service (DoS)
Low | CVE-2015-1808 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins allows Cross-Site Scripting (XSS) in User Configuration
Low | CVE-2013-5573 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 17, 2022
Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS)
Low | CVE-2013-6374 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) | May 17, 2022
Jenkins allows Cross-Site Scripting (XSS)
Low | CVE-2012-6074 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins affected by Open Redirect Vulnerability
Low | CVE-2012-6073 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Jenkins allows Cross-Site Scripting (XSS)
Low | CVE-2015-5326 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
Low | CVE-2015-5318 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Jenkins allows Cross-Site Scripting (XSS)
Low | CVE-2012-0325 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 4, 2022
Jenkins allows Cross-Site Scripting (XSS)
Low | CVE-2012-0324 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 4, 2022
Apache Ranger Improper Neutralization of Formula Elements vulnerability
Low | CVE-2024-55532 was published for org.apache.ranger:security-admin-web (Maven) | Mar 3, 2025
Keycloak allows cross-site scripting (XSS)
Low | CVE-2024-4028 was published for org.keycloak:keycloak-core (Maven) | Feb 18, 2025
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Low | CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) | Dec 28, 2024