Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,070
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,629
NuGet
638
pip
3,240
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

260 advisories

Loading
Cross-site scripting in Apache Syncome EndUser Low
CVE-2019-17557 was published for org.apache.syncope.client:syncope-client-enduser (Maven) Jan 6, 2022
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 Low
CVE-2021-33604 was published for com.vaadin:vaadin-bom (Maven) Jun 28, 2021
Reflected cross-site scripting in development mode handler in Vaadin Low
GHSA-8vfw-v2jv-9hwc was published for com.vaadin:flow-server (Maven) Jun 28, 2021
SessionListener can prevent a session from being invalidated breaking logout Low
CVE-2021-34428 was published for org.eclipse.jetty:jetty-server (Maven) Jun 23, 2021
rmannibucau stephenc
Insecure temporary file used in com.squareup:connect Low
CVE-2021-23331 was published for com.squareup:connect (Maven) Jun 16, 2021
Cross-site Scripting in Wildfly Low
CVE-2021-3536 was published for org.wildfly:wildfly-parent (Maven) May 25, 2021
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 Low
CVE-2018-25007 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 Low
GHSA-3h5r-928v-mxhh was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
Directory exposure in jetty Low
CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) Apr 6, 2021
svarovski
Discovery uses the same AES/GCM Nonce throughout the session Low
GHSA-w3hj-wr2q-x83g was published for tech.pegasys.discovery:discovery (Maven) Apr 6, 2021
asanso
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro Low
CVE-2021-21379 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Mar 23, 2021
Privilege Context Switching Error in Elasticsearch Low
CVE-2020-7020 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory Low
CVE-2021-21363 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Local Information Disclosure Vulnerability Low
CVE-2021-21331 was published for com.datadoghq:datadog-api-client (Maven) Mar 3, 2021
JLLeitschuh oliverchang
Unencrypted passwords Low
GHSA-q594-2475-8v9f was published for org.apache.nifi:nifi-standard-processors (Maven) Feb 24, 2021 withdrawn
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-w736-hf9p-qqh3 was published for com.amazonaws:aws-dynamodb-encryption-java (Maven) Feb 8, 2021
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses Low
GHSA-8hxh-r6f7-jf45 was published for org.http4s:http4s-async-http-client_2.12 (Maven) Oct 16, 2020
leonardosantosklarna ashwinbhaskar
Ciphertext Malleability Issue in Tink Java Low
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
personnummer/java vulnerable to Improper Input Validation Low
GHSA-q3vw-4jx3-rrr2 was published for dev.personnummer:personnummer (Maven) Sep 23, 2020
Users with SCRIPT right can execute arbitrary code in XWiki Low
CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020
XSS in Mapfish Print relating to JSONP support Low
CVE-2020-15231 was published for org.mapfish.print:print-lib (Maven) Jul 7, 2020
ProTip! Advisories are also available from the GraphQL API