GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,439 advisories
Filter by severity
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Denial of Service attack on windows app using netty
Moderate
CVE-2024-47535
was published
for
io.netty:netty-common
(Maven)
Nov 12, 2024
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Moderate
CVE-2024-38827
was published
for
org.springframework:spring-beans
(Maven)
Dec 2, 2024
Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042
was published
for
org.springframework.security:spring-security-config
(Maven)
Feb 6, 2024
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Moderate
CVE-2024-54004
was published
for
aendter.jenkins.plugins:filesystem-list-parameter-plugin
(Maven)
Nov 27, 2024
sigstore-java has vulnerability with bundle verification
Moderate
CVE-2024-53267
was published
for
dev.sigstore:sigstore-java
(Maven)
Nov 26, 2024
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Moderate
GHSA-r68h-jhhj-9jvm
was published
for
org.owasp.esapi:esapi
(Maven)
Nov 27, 2023
Apache Syncope: Stored XSS in Console and Enduser
Moderate
CVE-2024-45031
was published
for
org.apache.syncope.client:syncope-client-console
(Maven)
Oct 24, 2024
Apache IoTDB Session Fixation vulnerability
Moderate
CVE-2022-38369
was published
for
apache-iotdb
(Maven)
Sep 6, 2022
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
CVE-2024-9666
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Moderate
GHSA-pcx7-8hxg-j823
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Moderate
GHSA-jcgg-mg9g-p9wf
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
•
withdrawn
Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path
Moderate
CVE-2024-10492
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Nov 25, 2024
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
Moderate
GHSA-j3x3-r585-4qhg
was published
for
org.keycloak:keycloak-services
(Maven)
Nov 25, 2024
•
withdrawn
Improper Input Validation vulnerability in Apache Hop Engine
Moderate
CVE-2024-24683
was published
for
org.apache.hop:hop
(Maven)
Mar 19, 2024
Undertow Path Traversal vulnerability
Moderate
CVE-2024-1459
was published
for
io.undertow:undertow-core
(Maven)
Feb 12, 2024
Searching Opencast may cause a denial of service
Moderate
CVE-2024-52797
was published
for
org.opencastproject:opencast-elasticsearch-impl
(Maven)
Nov 20, 2024
FitNesse Cross-site scripting
Moderate
CVE-2024-39610
was published
for
org.fitnesse:fitnesse
(Maven)
Nov 15, 2024
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Moderate
CVE-2024-31141
was published
for
org.apache.kafka:kafka-clients
(Maven)
Nov 19, 2024
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate
CVE-2024-23672
was published
for
org.apache.tomcat.embed:tomcat-embed-websocket
(Maven)
Mar 13, 2024
ProTip!
Advisories are also available from the
GraphQL API