GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,760 advisories
Filter by severity
Querydsl SQL/HQL injection
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 20, 2024
Apache DolphinScheduler sensitive information disclosure
High
CVE-2023-48796
was published
for
apache-dolphinscheduler
(Maven)
Nov 24, 2023
Apache IoTDB Session Fixation vulnerability
High
CVE-2022-38369
was published
for
apache-iotdb
(Maven)
Sep 6, 2022
Apache IoTDB grafana-connector contains an interface without authorization
High
CVE-2022-38370
was published
for
org.apache.iotdb:iotdb-grafana-connector
(Maven)
Sep 6, 2022
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
io.crate:crate
(Maven)
Jan 30, 2024
Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506
was published
for
org.graylog:graylog-parent
(Maven)
Nov 18, 2024
Apache Spark UI can allow impersonation if ACLs enabled
High
CVE-2022-33891
was published
for
org.apache.spark:spark-parent_2.12
(Maven)
Jul 19, 2022
Apache Spark UI vulnerable to Command Injection
High
CVE-2023-32007
was published
for
org.apache.spark:spark-parent_2.12
(Maven)
May 2, 2023
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
High
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
High
CVE-2024-46978
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
Keycloak Denial of Service vulnerability
High
CVE-2023-6841
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 10, 2024
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
High
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Jenkins Remoting library arbitrary file read vulnerability
High
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
Apache Linkis arbitrary file deletion vulnerability
High
CVE-2024-27182
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Apache Linkis vulnerable to privilege escalation
High
CVE-2024-27181
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
High
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
High
GHSA-crjg-w57m-rqqf
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
High
GHSA-mmwx-rj87-vfgr
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
Apache Syncope Improper Input Validation vulnerability
High
CVE-2024-38503
was published
for
org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
(Maven)
Jul 22, 2024
Apache Linkis DataSource allows arbitrary file reading
High
CVE-2023-41916
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
High
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
High
CVE-2023-3628
was published
for
org.infinispan:infinispan-server-rest
(Maven)
Dec 30, 2023
Infinispan circular object references causes out of memory errors
High
CVE-2023-5236
was published
for
org.infinispan.protostream:protostream
(Maven)
Dec 28, 2023
ProTip!
Advisories are also available from the
GraphQL API