GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, count by ecosystem:
  All reviewed: 5,000+
  Composer: 4,133
  Erlang: 29
  GitHub Actions: 19
  Go: 1,940
  Maven: 5,000+
  npm: 3,677
  NuGet: 645
  pip: 3,295
  Pub: 11
  RubyGems: 877
  Rust: 830
  Swift: 35

Unreviewed advisories:
  All unreviewed: 5,000+
1,718 advisories match this listing (every entry below is a Maven package rated High).

Advisory | Severity | Identifier | Package (ecosystem) | Published
Azure SDK for Java Security Feature Bypass Vulnerability | High | CVE-2020-16971 | com.azure:azure-core-amqp (Maven) | May 24, 2022
Undertow's url-encoded request path information can be broken on ajp-listener | High | CVE-2024-6162 | io.undertow:undertow-core (Maven) | Jun 20, 2024
Denial of Service in Connect2id Nimbus JOSE+JWT | High | CVE-2023-52428 | com.nimbusds:nimbus-jose-jwt (Maven) | Feb 11, 2024
OpenRefine JDBC Attack Vulnerability | High | CVE-2024-23833 | org.openrefine:database (Maven) | Feb 12, 2024
Insecure Default Initialization of Resource vulnerability in Apache Solr | High | CVE-2024-45217 | org.apache.solr:solr (Maven) | Oct 16, 2024
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | High | CVE-2023-50780 | org.apache.activemq:artemis-cli (Maven) | Oct 14, 2024
Undertow vulnerable to Race Condition | High | CVE-2024-7885 | io.undertow:undertow-core (Maven) | Aug 21, 2024
ureport arbitrary file read vulnerability | High | CVE-2023-48848 | com.bstek.ureport:ureport2-core (Maven) | Nov 28, 2023
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin | High | CVE-2022-28136 | org.jenkins-ci.plugins:JiraTestResultReporter (Maven) | Mar 30, 2022
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request | High | CVE-2016-8747 | org.apache.tomcat:tomcat (Maven) | May 14, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat | High | CVE-2016-6817 | org.apache.tomcat:tomcat (Maven) | May 14, 2022
Code execution vulnerability in HtmlUnit | High | CVE-2020-5529 | net.sourceforge.htmlunit:htmlunit (Maven) | May 21, 2020
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user | High | CVE-2024-47876 | org.sakaiproject.kernel:sakai-kernel-impl (Maven) | Oct 15, 2024
Session fixation in Elytron SAML adapters | High | GHSA-5rxp-2rhr-qwqv | org.keycloak:keycloak-services (Maven) | Oct 14, 2024
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak | High | GHSA-xgfv-xpx8-qhcr | org.keycloak:keycloak-saml-core (Maven) | Oct 14, 2024
XML External Entity Reference in Apache NiFi | High | CVE-2023-22832 | org.apache.nifi:nifi-ccda-processors (Maven) | Feb 10, 2023
Keycloak's admin API allows low privilege users to use administrative functions | High | CVE-2024-3656 | org.keycloak:keycloak-services (Maven) | Jun 11, 2024
Apache Tomcat vulnerable to information leak | High | CVE-2023-34981 | org.apache.tomcat.embed:tomcat-embed-core (Maven) | Jun 21, 2023
PowerJob incorrect access control vulnerability | High | CVE-2023-36106 | tech.powerjob:powerjob (Maven) | Aug 17, 2023
OpenNMS vulnerable to remote code execution | High | CVE-2023-40313 | org.opennms:opennms-base-assembly (Maven) | Aug 17, 2023
Duplicate Advisory: Apiman has insufficient checks for read permissions | High | GHSA-54r5-wr8x-x5v3 | io.apiman:apiman-manager-api-rest-impl (Maven) | Dec 20, 2022 | withdrawn
Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation | High | GHSA-5c6q-f783-h888 | com.amazon.redshift:redshift-jdbc42 (Maven) | Sep 30, 2022 | withdrawn
Apache NiFi Code Injection vulnerability | High | CVE-2023-36542 | org.apache.nifi:nifi-cdc-mysql-bundle (Maven) | Jul 29, 2023
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader | High | CVE-2024-47554 | commons-io:commons-io (Maven) | Oct 3, 2024
JDBC URL bypassing by allowLoadLocalInfileInPath param | High | CVE-2023-34434 | org.apache.inlong:manager-pojo (Maven) | Jul 25, 2023
ProTip! Advisories are also available from the GraphQL API.
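The same Maven/High listing pulled through the GraphQL API, as an added example that is not GitHub's own code or tooling. It assumes the public `securityAdvisories` connection with the `ghsaId`, `summary`, `severity`, `publishedAt`, `withdrawnAt`, `identifiers` and `vulnerabilities(ecosystem:, severities:)` fields as found in GitHub's GraphQL schema; the endpoint URL, the token handling, the `fetch_page` helper and the embedded sample response are all assumptions of this example. The sample response is constructed here so the parser runs offline: its advisory ids, package names and summaries are taken from the listing above, but the `GHSA-0000-0000-0001` id, the version ranges and the timestamps are placeholders, not real advisory data. The practical point it demonstrates is the one the listing hints at with its two "Duplicate Advisory" rows: withdrawn advisories still come back from the API with `withdrawnAt` set and must be filtered out, or a dependency scan reports them as live findings.

```python
import json
import urllib.request
from typing import Optional

GITHUB_GRAPHQL = "https://api.github.com/graphql"  # assumed endpoint for this example

# Mirrors the listing above: Maven packages, severity High, newest first.
ADVISORY_QUERY = """
query($first: Int!, $after: String) {
  securityAdvisories(first: $first, after: $after,
                     orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes {
      ghsaId summary severity publishedAt withdrawnAt
      identifiers { type value }
      vulnerabilities(first: 20, ecosystem: MAVEN, severities: [HIGH]) {
        nodes {
          package { ecosystem name }
          vulnerableVersionRange
          firstPatchedVersion { identifier }
        }
      }
    }
  }
}
"""


def fetch_page(token: str, first: int = 100, after: Optional[str] = None) -> dict:
    """POST one page of the query (network call; the offline test never invokes it)."""
    body = json.dumps({"query": ADVISORY_QUERY,
                       "variables": {"first": first, "after": after}}).encode()
    req = urllib.request.Request(
        GITHUB_GRAPHQL, data=body, method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def extract_maven_high(response: dict) -> list:
    """Flatten one response page into one record per (advisory, Maven package).

    Withdrawn advisories (the listing's "Duplicate Advisory" rows) are dropped, as are
    advisories whose filtered vulnerability list is empty.
    """
    records = []
    for adv in response["data"]["securityAdvisories"]["nodes"]:
        if adv.get("withdrawnAt"):
            continue
        cve = next((i["value"] for i in adv["identifiers"] if i["type"] == "CVE"), None)
        for vuln in adv["vulnerabilities"]["nodes"]:
            pkg = vuln["package"]
            if pkg["ecosystem"] != "MAVEN":
                continue
            patched = vuln.get("firstPatchedVersion")
            records.append({
                "ghsa": adv["ghsaId"], "cve": cve, "severity": adv["severity"],
                "summary": adv["summary"], "published": adv["publishedAt"][:10],
                "package": pkg["name"], "range": vuln["vulnerableVersionRange"],
                "fixed": patched["identifier"] if patched else None,
            })
    return records


def affected_packages(records: list) -> dict:
    """Map Maven coordinates -> sorted advisory ids, for diffing against a dependency list."""
    out = {}
    for rec in records:
        out.setdefault(rec["package"], []).append(rec["ghsa"])
    return {pkg: sorted(ids) for pkg, ids in out.items()}


# Constructed sample page in the shape the query returns (placeholder ranges and dates).
SAMPLE_RESPONSE = {"data": {"securityAdvisories": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"ghsaId": "GHSA-0000-0000-0001", "severity": "HIGH", "withdrawnAt": None,
         "summary": "Denial of Service in Connect2id Nimbus JOSE+JWT",
         "publishedAt": "2024-02-11T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-0000-0000-0001"},
                         {"type": "CVE", "value": "CVE-2023-52428"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "MAVEN", "name": "com.nimbusds:nimbus-jose-jwt"},
              "vulnerableVersionRange": "< 9.99.0",
              "firstPatchedVersion": {"identifier": "9.99.0"}}]}},
        {"ghsaId": "GHSA-54r5-wr8x-x5v3", "severity": "HIGH",
         "withdrawnAt": "2023-01-01T00:00:00Z",  # withdrawn duplicate: must be skipped
         "summary": "Duplicate Advisory: Apiman has insufficient checks for read permissions",
         "publishedAt": "2022-12-20T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-54r5-wr8x-x5v3"}],
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "MAVEN", "name": "io.apiman:apiman-manager-api-rest-impl"},
              "vulnerableVersionRange": "< 9.9.9", "firstPatchedVersion": None}]}},
        {"ghsaId": "GHSA-xgfv-xpx8-qhcr", "severity": "HIGH", "withdrawnAt": None,
         "summary": "Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak",
         "publishedAt": "2024-10-14T00:00:00Z",
         "identifiers": [{"type": "GHSA", "value": "GHSA-xgfv-xpx8-qhcr"}],  # no CVE assigned
         "vulnerabilities": {"nodes": [
             {"package": {"ecosystem": "MAVEN", "name": "org.keycloak:keycloak-saml-core"},
              "vulnerableVersionRange": "< 99.0.0", "firstPatchedVersion": None}]}},
    ]}}}

if __name__ == "__main__":
    for rec in extract_maven_high(SAMPLE_RESPONSE):
        print(rec["ghsa"], rec["cve"], rec["package"], rec["range"], rec["fixed"])
```

To walk the full listing, loop on `pageInfo.hasNextPage`, passing `endCursor` back as `after`; the Maven/High filter is applied server-side inside `vulnerabilities`, so advisories that only touch other ecosystems come back with an empty node list and are dropped by `extract_maven_high`.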