GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Apache SeaTunnel SQL Injection vulnerability
High
CVE-2023-49198
was published
for
org.apache.seatunnel:seatunnel
(Maven)
Aug 21, 2024
Apache Linkis arbitrary file deletion vulnerability
High
CVE-2024-27182
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Apache Linkis DataSource allows arbitrary file reading
High
CVE-2023-41916
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Struts vulnerable to path traversal
Critical
CVE-2023-50164
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 7, 2023
Apache InLong has Files or Directories Accessible to External Parties
High
CVE-2023-31064
was published
for
org.apache.inlong:manager-workflow
(Maven)
Jul 6, 2023
Apache InLong has Files or Directories Accessible to External Parties in Apache InLong
Critical
CVE-2023-31066
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 6, 2023
Guava vulnerable to insecure use of temporary directory
Moderate
CVE-2023-2976
was published
for
com.google.guava:guava
(Maven)
Jun 14, 2023
Keycloak has Files or Directories Accessible to External Parties
Moderate
CVE-2021-3856
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
Wildfly-Core user account mismanagement
High
CVE-2021-3717
was published
for
org.wildfly.core:wildfly-core-parent
(Maven)
May 25, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
Improper file downloads in Apache Tapestry
Moderate
CVE-2020-13953
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Feb 10, 2022
Missing authorization in xwiki-platform
Moderate
CVE-2022-23621
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Feb 9, 2022
Files Accessible to External Parties in Opencast
Critical
CVE-2021-43821
was published
for
org.opencastproject:opencast-ingest-service-impl
(Maven)
Dec 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Path Traversal in Apache Flink
High
CVE-2020-17519
was published
for
org.apache.flink:flink-runtime_2.11
(Maven)
Jan 6, 2021
Local Temp Directory Hijacking Vulnerability
High
CVE-2020-27216
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Nov 4, 2020
Files or Directories Accessible to External Parties in org.springframework:spring-core
High
CVE-2015-5211
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API