GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Moderate
CVE-2015-2913
was published
for
com.orientechnologies:orientdb-server
(Maven)
Oct 18, 2018
Use of Insufficiently Random Values in penggle:kaptcha
Critical
CVE-2018-18531
was published
for
com.github.penggle:kaptcha
(Maven)
Oct 23, 2018
Spring Security uses insufficiently random values
Moderate
CVE-2019-3795
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 16, 2019
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Predictable password in Keycloak
Critical
CVE-2020-1731
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 15, 2020
Insufficient Entropy in Spring Security
Moderate
CVE-2020-5408
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 15, 2020
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
Ratpack's default client side session signing key is highly predictable
Moderate
CVE-2021-29480
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Jetty Uses Predictable Session Identifiers
Moderate
CVE-2006-6969
was published
for
org.eclipse.jetty:jetty-server
(Maven)
May 1, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
High
CVE-2020-2099
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Use of unclaimed s3 bucket in tests and examples
Moderate
CVE-2022-36022
was published
for
org.deeplearning4j:dl4j-examples
(Maven)
Nov 10, 2022
ProTip!
Advisories are also available from the
GraphQL API