GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,761 advisories
Filter by severity
Jenkins HTML Publisher Plugin Stored XSS vulnerability
High
CVE-2024-28150
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Selenium Server (Grid) CSRF
High
CVE-2022-28108
was published
for
org.seleniumhq.selenium:selenium-grid
(Maven)
Apr 20, 2022
High severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
High
CVE-2017-12612
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Querydsl SQL/HQL injection
High
CVE-2024-49203
was published
for
com.querydsl:querydsl-apt
(Maven)
Nov 20, 2024
Apache DolphinScheduler sensitive information disclosure
High
CVE-2023-48796
was published
for
apache-dolphinscheduler
(Maven)
Nov 24, 2023
Apache IoTDB Session Fixation vulnerability
High
CVE-2022-38369
was published
for
apache-iotdb
(Maven)
Sep 6, 2022
Apache IoTDB grafana-connector contains an interface without authorization
High
CVE-2022-38370
was published
for
org.apache.iotdb:iotdb-grafana-connector
(Maven)
Sep 6, 2022
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
io.crate:crate
(Maven)
Jan 30, 2024
Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506
was published
for
org.graylog:graylog-parent
(Maven)
Nov 18, 2024
Apache Spark UI can allow impersonation if ACLs enabled
High
CVE-2022-33891
was published
for
org.apache.spark:spark-parent_2.12
(Maven)
Jul 19, 2022
Apache Spark UI vulnerable to Command Injection
High
CVE-2023-32007
was published
for
org.apache.spark:spark-parent_2.12
(Maven)
May 2, 2023
Undertow incorrectly parses cookies
High
CVE-2023-4639
was published
for
io.undertow:undertow-core
(Maven)
Nov 17, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
High
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
High
CVE-2024-46978
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
Keycloak Denial of Service vulnerability
High
CVE-2023-6841
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 10, 2024
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
High
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Jenkins Remoting library arbitrary file read vulnerability
High
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
Apache Linkis arbitrary file deletion vulnerability
High
CVE-2024-27182
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Apache Linkis vulnerable to privilege escalation
High
CVE-2024-27181
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
High
CVE-2024-37900
was published
for
org.xwiki.platform:xwiki-platform-web-war
(Maven)
Jul 31, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
High
GHSA-crjg-w57m-rqqf
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
High
GHSA-mmwx-rj87-vfgr
was published
for
dnsjava:dnsjava
(Maven)
Jul 22, 2024
Apache Syncope Improper Input Validation vulnerability
High
CVE-2024-38503
was published
for
org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
(Maven)
Jul 22, 2024
ProTip!
Advisories are also available from the
GraphQL API