Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,440 advisories

Loading
Spring LDAP data exposure vulnerability Moderate
CVE-2024-38829 was published for org.springframework.ldap:spring-ldap-core (Maven) Dec 4, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability Moderate
CVE-2024-27140 was published for org.apache.archiva:archiva-common (Maven) Mar 1, 2024
oscerd
Denial of Service attack on windows app using netty Moderate
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR AB-xdev
irene221b
Spring Framework has Authorization Bypass for Case Sensitive Comparisons Moderate
CVE-2024-38827 was published for org.springframework:spring-beans (Maven) Dec 2, 2024
Netty vulnerability included in redis lettuce Moderate
GHSA-q4h9-7rxj-7gx2 was published for io.lettuce:lettuce-core (Maven) Dec 2, 2024
gmcallister-r7
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop Moderate
CVE-2024-30172 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov amita-seal
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
jw123023
Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability Moderate
CVE-2024-54004 was published for aendter.jenkins.plugins:filesystem-list-parameter-plugin (Maven) Nov 27, 2024
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year Moderate
GHSA-r68h-jhhj-9jvm was published for org.owasp.esapi:esapi (Maven) Nov 27, 2023
Apache Syncope: Stored XSS in Console and Enduser Moderate
CVE-2024-45031 was published for org.apache.syncope.client:syncope-client-console (Maven) Oct 24, 2024
Apache IoTDB Session Fixation vulnerability Moderate
CVE-2022-38369 was published for apache-iotdb (Maven) Sep 6, 2022
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
CVE-2024-9666 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability Moderate
GHSA-pcx7-8hxg-j823 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data Moderate
GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path Moderate
CVE-2024-10492 was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity Moderate
GHSA-j3x3-r585-4qhg was published for org.keycloak:keycloak-services (Maven) Nov 25, 2024 withdrawn
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
Undertow Path Traversal vulnerability Moderate
CVE-2024-1459 was published for io.undertow:undertow-core (Maven) Feb 12, 2024
OrangeDog
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
FitNesse Cross-site scripting Moderate
CVE-2024-39610 was published for org.fitnesse:fitnesse (Maven) Nov 15, 2024
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel
ProTip! Advisories are also available from the GraphQL API