Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode) Critical
CVE-2026-45091 was published for io.github.davidalmeidac:sealed-env-core (Maven) May 12, 2026
davidalmeidac Credited to davidalmeidac
HAPI FHIR HTTP authentication leak in redirects Critical
CVE-2026-33180 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Mar 18, 2026
ElliotSilver Credited to ElliotSilver
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong Credited to lemauanhphong and jodygarnett jodygarnett jodygarnett
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext Critical
CVE-2025-23215 was published for net.sourceforge.pmd:pmd-core (Maven) Jan 31, 2025
hboutemy Credited to hboutemy and yusuke-koyoshi yusuke-koyoshi yusuke-koyoshi
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart Credited to JAckLosingHeart
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Critical
CVE-2017-1000362 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Critical
CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) May 17, 2022
Exposure of Sensitive Information in Jenkins Core Critical
CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Insecure cookie sharing in Hawtio Critical
CVE-2017-2589 was published for io.hawt:project (Maven) May 13, 2022
Exposure of Sensitive Information in Hadoop Critical
CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Credential leak in org.apache.directory.api:apache-ldap-api Critical
CVE-2018-1337 was published for org.apache.directory.api:apache-ldap-api (Maven) Nov 9, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database