GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
5,135 advisories
Filter by severity
Spring Framework DataBinder Case Sensitive Match Exception
Low
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
Improper Authentication vulnerability in Apache Solr
Critical
CVE-2024-45216
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr
High
CVE-2024-45217
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
High
CVE-2024-47876
was published
for
org.sakaiproject.kernel:sakai-kernel-impl
(Maven)
Oct 15, 2024
Eclipse Jetty URI parsing of invalid authority
Low
CVE-2024-6763
was published
for
org.eclipse.jetty:jetty-http
(Maven)
Oct 14, 2024
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Moderate
CVE-2024-8184
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 14, 2024
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Low
CVE-2024-6762
was published
for
org.eclipse.jetty:jetty-servlets
(Maven)
Oct 14, 2024
One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
GHSA-xmmm-jw76-q7vg
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
Session fixation in Elytron SAML adapters
High
GHSA-5rxp-2rhr-qwqv
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
GHSA-w8gr-xwp4-r9f7
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
GHSA-xgfv-xpx8-qhcr
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
High
CVE-2023-50780
was published
for
org.apache.activemq:artemis-cli
(Maven)
Oct 14, 2024
Eclipse Jetty has a denial of service vulnerability on DosFilter
Moderate
CVE-2024-9823
was published
for
org.eclipse.jetty.ee10:jetty-ee10-servlets
(Maven)
Oct 14, 2024
pac4j-core affected by a Java deserialization vulnerability
Critical
CVE-2023-25581
was published
for
org.pac4j:pac4j-core
(Maven)
Oct 11, 2024
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Moderate
CVE-2024-28168
was published
for
org.apache.xmlgraphics:fop-core
(Maven)
Oct 9, 2024
Quarkus CXF logs passwords and other secrets
Moderate
CVE-2024-9621
was published
for
io.quarkiverse.cxf:quarkus-cxf
(Maven)
Oct 8, 2024
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Moderate
CVE-2024-9622
was published
for
org.jboss.resteasy:resteasy-netty4-cdi
(Maven)
Oct 8, 2024
JSON-lib mishandles an unbalanced comment string
Moderate
CVE-2024-47855
was published
for
org.kordamp.json:json-lib-core
(Maven)
Oct 4, 2024
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
High
CVE-2024-47554
was published
for
commons-io:commons-io
(Maven)
Oct 3, 2024
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Critical
CVE-2024-47561
was published
for
org.apache.avro:avro
(Maven)
Oct 3, 2024
Jenkins exposes multi-line secrets through error messages
Moderate
CVE-2024-47803
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API