Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

88 advisories

Loading
QOS.CH logback-core Server-Side Request Forgery vulnerability Low
CVE-2024-12801 was published for ch.qos.logback:logback-core (Maven) Dec 19, 2024
HTHou
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses Critical
CVE-2024-47883 was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
CometVisu Backend for openHAB affected by SSRF/XSS High
CVE-2024-42467 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Low
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
Apache StreamPipes has possibility of SSRF in pipeline element installation process Moderate
CVE-2024-31979 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
Apache HugeGraph-Hubble: SSRF in Hubble connection page Moderate
CVE-2024-27347 was published for org.apache.hugegraph:hugegraph-hubble (Maven) Apr 22, 2024
WildFly Elytron: SSRF security issue High
CVE-2024-1233 was published for org.wildfly.security:wildfly-elytron-realm-token (Maven) Apr 9, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF Critical
CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) Mar 15, 2024
XXL-JOB vulnerable to Server-Side Request Forgery High
CVE-2024-24113 was published for com.xuxueli:xxl-job (Maven) Feb 8, 2024
Apache Axis Improper Input Validation vulnerability High
CVE-2023-51441 was published for axis:axis (Maven) Jan 6, 2024
ebickle
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download Critical
CVE-2023-48910 was published for io.github.microcks:microcks (Maven) Dec 4, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request Critical
CVE-2023-46502 was published for org.opencrx:opencrx-client (Maven) Oct 31, 2023
WPS Server Side Request Forgery vulnerability High
CVE-2023-43795 was published for org.geoserver.extension:gs-wps-core (Maven) Oct 24, 2023
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF Moderate
CVE-2023-41339 was published for org.geoserver.web:gs-web-app (Maven) Oct 24, 2023
thomsmith remsio-syn
us3r777 mprins
Apache Shenyu Server Side Request Forgery vulnerability Moderate
CVE-2023-25753 was published for org.apache.shenyu:shenyu-admin (Maven) Oct 19, 2023
Presto JDBC Server-Side Request Forgery by nextUri High
GHSA-86q5-qcjc-7pv4 was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023
Presto JDBC Server-Side Request Forgery by redirect High
GHSA-xm7x-f3w2-4hjm was published for com.facebook.presto:presto-jdbc (Maven) Oct 3, 2023
WireMock Controlled Server Side Request Forgery vulnerability through URL Moderate
CVE-2023-41327 was published for org.wiremock:wiremock-webhooks-extension (Maven) Sep 6, 2023
W0rty oleg-nenashev
Mahoney tomakehurst
SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials High
CVE-2023-41937 was published for io.jenkins.plugins:bitbucket-push-and-pull-request (Maven) Sep 6, 2023
Apache Batik information disclosure vulnerability Moderate
CVE-2022-44730 was published for org.apache.xmlgraphics:batik-script (Maven) Aug 22, 2023
jkmartindale
Apache XML Graphics Batik Server-Side Request Forgery vulnerability High
CVE-2022-44729 was published for org.apache.xmlgraphics:batik-bridge (Maven) Aug 22, 2023
OpenRefine Server-Side Request Forgery vulnerability Moderate
CVE-2022-41401 was published for org.openrefine:main (Maven) Aug 4, 2023
ProTip! Advisories are also available from the GraphQL API