GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
lxml Cross-site Scripting Via Control Characters
Moderate
CVE-2014-3146
was published
for
lxml
(pip)
May 14, 2022
Calico vulnerable to pod route hijacking
Moderate
CVE-2022-28224
was published
for
github.com/projectcalico/calico
(Go)
Jun 7, 2022
stereoscope vulnerable to tar path traversal when processing OCI tar archives
Moderate
CVE-2024-24579
was published
for
github.com/anchore/stereoscope
(Go)
Jan 31, 2024
SmallRye Health UI Cross-site Scripting vulnerability
Moderate
CVE-2021-3914
was published
for
io.smallrye:smallrye-health-ui
(Maven)
Aug 26, 2022
Apache James MIME4J vulnerable to information disclosure to local users
Moderate
CVE-2022-45787
was published
for
org.apache.james:apache-mime4j-storage
(Maven)
Jan 6, 2023
Spring Security logout not clearing security context
Moderate
CVE-2023-20862
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 19, 2023
Eclipse Jetty Server generates error message containing sensitive information
Moderate
CVE-2018-12536
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Cross-site request forgery vulnerability in Jenkins Nomad Plugin
Moderate
CVE-2019-1003092
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate
CVE-2021-22137
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Improper Input Validation in Spring Framework
Moderate
CVE-2020-5421
was published
for
org.springframework:spring-framework-bom
(Maven)
Apr 30, 2021
Directory traversal in Mort Bay Jetty
Moderate
CVE-2009-1523
was published
for
org.mortbay.jetty:jetty
(Maven)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API