GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,777 advisories
Filter by severity
SOFA Hessian Remote Command Execution (RCE) Vulnerability
High
CVE-2024-46983
was published
for
com.alipay.sofa:hessian
(Maven)
Sep 19, 2024
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
High
CVE-2024-46978
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
High
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
Path traversal vulnerability in functional web frameworks
High
CVE-2024-38816
was published
for
org.springframework:spring-webflux
(Maven)
Sep 13, 2024
Keycloak Denial of Service vulnerability
High
CVE-2023-6841
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 10, 2024
Duplicate Advisory: Keycloak Session Fixation vulnerability
High
GHSA-j76j-rqwj-jmvv
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
•
withdrawn
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
High
CVE-2024-45294
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Sep 6, 2024
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
Undertow vulnerable to Race Condition
High
CVE-2024-7885
was published
for
io.undertow:undertow-core
(Maven)
Aug 21, 2024
Apache SeaTunnel SQL Injection vulnerability
High
CVE-2023-49198
was published
for
org.apache.seatunnel:seatunnel
(Maven)
Aug 21, 2024
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
High
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Improper Preservation of Permissions in xxl-job
High
CVE-2024-42681
was published
for
com.xuxueli:xxl-job-core
(Maven)
Aug 15, 2024
Apache MINA SSHD: integrity check bypass
High
CVE-2024-41909
was published
for
org.apache.sshd:sshd-common
(Maven)
Aug 12, 2024
Apache DolphinScheduler: RCE by arbitrary js execution
High
CVE-2024-29831
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
Apache DolphinScheduler: Resource File Read And Write Vulnerability
High
CVE-2024-30188
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Aug 12, 2024
CometVisu Backend for openHAB affected by SSRF/XSS
High
CVE-2024-42467
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Jenkins Remoting library arbitrary file read vulnerability
High
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
Duplicate Advisory: Reposilite Arbitrary File Read vulnerability
High
CVE-2024-36117
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 5, 2024
•
withdrawn
Alpine allows URL access filter bypass
High
CVE-2022-23553
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)
High
CVE-2024-36116
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting
High
CVE-2024-36115
was published
for
com.reposilite:reposilite-backend
(Maven)
Aug 2, 2024
Apache Linkis arbitrary file deletion vulnerability
High
CVE-2024-27182
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Apache Linkis vulnerable to privilege escalation
High
CVE-2024-27181
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Apache Inlong Code Injection vulnerability
High
CVE-2024-36268
was published
for
org.apache.inlong:tubemq-core
(Maven)
Aug 2, 2024
ProTip!
Advisories are also available from the
GraphQL API