GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
5,234 advisories
Filter by severity
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails
High
CVE-2024-23945
was published
for
org.apache.hive:hive-service
(Maven)
Dec 23, 2024
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Moderate
GHSA-64gp-r758-8pfm
was published
for
org.jboss.hal:hal-console
(Maven)
Dec 23, 2024
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Netty vulnerability included in redis lettuce
Moderate
GHSA-q4h9-7rxj-7gx2
was published
for
io.lettuce:lettuce-core
(Maven)
Dec 2, 2024
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Low
CVE-2024-52800
was published
for
org.verapdf:core
(Maven)
Dec 2, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Duplicate Advisory: Keycloak Open Redirect vulnerability
Moderate
GHSA-3p75-q5cc-qmj7
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 19, 2023
•
withdrawn
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
High
CVE-2024-56337
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
Dec 20, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Apache Struts file upload logic is flawed
Critical
CVE-2024-53677
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 11, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Duplicate Advisory: Keycloak Open Redirect vulnerability
High
GHSA-vvf8-2h68-9475
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
•
withdrawn
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Keycloak Denial of Service via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Duplicate Advisory: Keycloak DoS via account lockout
Low
GHSA-3hrr-xwvg-hxvr
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
•
withdrawn
Keycloak has session fixation in Elytron SAML adapters
High
CVE-2024-7341
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak Session Fixation vulnerability
High
GHSA-j76j-rqwj-jmvv
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 9, 2024
•
withdrawn
Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
Moderate
CVE-2024-7318
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date
Moderate
GHSA-57rh-gr4v-j5f6
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 9, 2024
•
withdrawn
Keycloak's improper input validation allows using email as username
Low
CVE-2021-3754
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Duplicate Advisory: Keycloak user may register themselves with same email ID of any existing user
Moderate
GHSA-j9xq-j329-2xvg
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
•
withdrawn
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
CVE-2024-8698
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
Duplicate Advisory: Keycloak SAML signature validation flaw
Moderate
GHSA-4xx7-2cx3-x473
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
•
withdrawn
QOS.CH logback-core Expression Language Injection vulnerability
Moderate
CVE-2024-12798
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
QOS.CH logback-core Server-Side Request Forgery vulnerability
Low
CVE-2024-12801
was published
for
ch.qos.logback:logback-core
(Maven)
Dec 19, 2024
ProTip!
Advisories are also available from the
GraphQL API