GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
11 advisories
stereoscope vulnerable to tar path traversal when processing OCI tar archives
Moderate
CVE-2024-24579
was published
for
github.com/anchore/stereoscope
(Go)
Jan 31, 2024
Spring Security logout not clearing security context
Moderate
CVE-2023-20862
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 19, 2023
Apache James MIME4J vulnerable to information disclosure to local users
Moderate
CVE-2022-45787
was published
for
org.apache.james:apache-mime4j-storage
(Maven)
Jan 6, 2023
SmallRye Health UI Cross-site Scripting vulnerability
Moderate
CVE-2021-3914
was published
for
io.smallrye:smallrye-health-ui
(Maven)
Aug 26, 2022
Calico vulnerable to pod route hijacking
Moderate
CVE-2022-28224
was published
for
github.com/projectcalico/calico
(Go)
Jun 7, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate
CVE-2021-22137
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
lxml Cross-site Scripting Via Control Characters
Moderate
CVE-2014-3146
was published
for
lxml
(pip)
May 14, 2022
Cross-site request forgery vulnerability in Jenkins Nomad Plugin
Moderate
CVE-2019-1003092
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 13, 2022
Directory traversal in Mort Bay Jetty
Moderate
CVE-2009-1523
was published
for
org.mortbay.jetty:jetty
(Maven)
May 2, 2022
Improper Input Validation in Spring Framework
Moderate
CVE-2020-5421
was published
for
org.springframework:spring-framework-bom
(Maven)
Apr 30, 2021
Eclipse Jetty Server generates error message containing sensitive information
Moderate
CVE-2018-12536
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
ProTip!
Advisories are also available from the
GraphQL API