GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
136 advisories
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
High. CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Improper Authentication in Apache WSS4J
High. CVE-2014-3612 was published for org.apache.activemq:activemq-broker (Maven) on May 14, 2022.

Improper Authentication in Apache Tomcat
Moderate. CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.

Improper Authentication in Jenkins
Moderate. CVE-2018-1999045 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 14, 2022.

Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
Moderate. CVE-2018-1286 was published for org.apache.openmeetings:openmeetings-parent (Maven) on May 13, 2022.

Improper Authentication In Apache NiFi
High. CVE-2017-5635 was published for org.apache.nifi:nifi (Maven) on May 13, 2022.

Improper Authentication in Jenkins Blue Ocean Plugin
High. CVE-2017-1000106 was published for io.jenkins.blueocean:blueocean (Maven) on May 13, 2022.

Improper Authentication in Jenkins Blue Ocean Plugin
Moderate. CVE-2017-1000110 was published for io.jenkins.blueocean:blueocean (Maven) on May 13, 2022.

Improper Authentication in Jenkins
Moderate. CVE-2017-2604 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022.

Infinispan Rest API Does Not Enforce Auth Constraints
Moderate. CVE-2017-2638 was published for org.infinispan:infinispan-server-core (Maven) on May 13, 2022.

Missing permission checks in Jenkins Distributed Fork Plugin
High. CVE-2017-2652 was published for org.jenkins-ci.plugins:distfork (Maven) on May 13, 2022.

Improper Authentication in Apache Kafka
Moderate. CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) on May 13, 2022.

Keycloak Oauth Implementation Error
High. CVE-2017-12160 was published for org.keycloak:keycloak-parent (Maven) on May 13, 2022.

Improper Authentication in Pivotal Spring-LDAP
High. CVE-2017-8028 was published for org.springframework.ldap:spring-ldap-core (Maven) on May 13, 2022.

Improper Authentication in Apache CXF
Moderate. CVE-2012-2378 was published for org.apache.cxf:cxf (Maven) on May 13, 2022.

Improper Authentication in Apache CXF
Critical. CVE-2012-0803 was published for org.apache.cxf:cxf (Maven) on May 13, 2022.

Improper Authentication in Apache CXF
Moderate. CVE-2012-5633 was published for org.apache.cxf:cxf (Maven) on May 13, 2022.

Improper Authentication in Apache WSS4J
Moderate. CVE-2014-3623 was published for org.apache.ws.security:wss4j (Maven) on May 13, 2022.

Improper Authentication in Spring Security
High. CVE-2014-0097 was published for org.springframework.security:spring-security-core (Maven) on May 13, 2022.

Improper Authentication in Apache Axis2
Moderate. CVE-2012-5351 was published for org.apache.axis2:axis2 (Maven) on May 13, 2022.

Improper Authentication in Apache CXF
Moderate. CVE-2013-0239 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) on May 5, 2022.

Improper Authentication in Apache Tomcat
Moderate. CVE-2009-2901 was published for org.apache.tomcat:tomcat (Maven) on May 2, 2022.

Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts
Moderate. CVE-2009-1595 was published for org.igniterealtime.openfire:parent (Maven) on May 2, 2022.

Improper Authentication in Mortbay Jetty
High. CVE-2007-5614 was published for org.mortbay.jetty:jetty (Maven) on May 1, 2022.

Keycloak is vulnerable to IDN homograph attack
Moderate. CVE-2021-3424 was published for org.keycloak:keycloak-services (Maven) on Apr 28, 2022.

ProTip! Advisories are also available from the GraphQL API.