Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

5,170 advisories

Loading
Quarkus CXF logs passwords and other secrets Moderate
CVE-2024-9621 was published for io.quarkiverse.cxf:quarkus-cxf (Maven) Oct 8, 2024
JSON-lib mishandles an unbalanced comment string Moderate
CVE-2024-47855 was published for org.kordamp.json:json-lib-core (Maven) Oct 4, 2024
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro (Maven) Oct 3, 2024
dbrugman
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader High
CVE-2024-47554 was published for commons-io:commons-io (Maven) Oct 3, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation Critical
CVE-2024-47806 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation Critical
CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Jenkins item creation restriction bypass vulnerability Moderate
CVE-2024-47804 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Jenkins exposes multi-line secrets through error messages Moderate
CVE-2024-47803 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
Apache Hadoop: Temporary File Local Information Disclosure Low
CVE-2024-23454 was published for org.apache.hadoop:hadoop-common (Maven) Sep 25, 2024
oscerd
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
Spring Framework DoS via conditional HTTP request Moderate
CVE-2024-38809 was published for org.springframework:spring-web (Maven) Sep 24, 2024
DataEase has an XML External Entity Reference vulnerability High
CVE-2024-46985 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Keycloak SAML signature validation flaw High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack High
CVE-2024-46984 was published for de.gematik.refv.commons:commons (Maven) Sep 19, 2024
SOFA Hessian Remote Command Execution (RCE) Vulnerability High
CVE-2024-46983 was published for com.alipay.sofa:hessian (Maven) Sep 19, 2024
unam4 springkill
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions Moderate
CVE-2024-46978 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
floerer
Keycloak Services has a potential bypass of brute force protection Moderate
CVE-2024-4629 was published for org.keycloak:keycloak-services (Maven) Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database