Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,664 advisories

Loading
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java High
CVE-2024-38374 was published for org.cyclonedx:cyclonedx-core-java (Maven) Jun 24, 2024
mr-zepol nscuro
Reactor Netty HTTP Server denial of service vulnerability High
CVE-2023-34054 was published for io.projectreactor.netty:reactor-netty-core (Maven) Nov 28, 2023
mpihelgas
SQL injection in hibernate-core High
CVE-2020-25638 was published for org.hibernate:hibernate-core (Maven) Feb 9, 2022
vmvarga mpihelgas
Serialization gadgets exploit in jackson-databind High
CVE-2020-35491 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Dec 9, 2021
mpihelgas
jackson-databind mishandles the interaction between serialization gadgets and typing High
CVE-2020-10969 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Apr 23, 2020
mpihelgas
Deserialization of untrusted data in Jackson Databind High
CVE-2020-14062 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 18, 2020
mpihelgas
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets High
CVE-2022-34169 was published for xalan:xalan (Maven) Jul 20, 2022
udengaardandersent-ELS Diddern
skuma762_uhg
SnakeYaml Constructor Deserialization Remote Code Execution High
CVE-2022-1471 was published for org.yaml:snakeyaml (Maven) Dec 12, 2022
justintaft securisec
JLLeitschuh DmitriyLewen yairmzr pjfanning
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS High
CVE-2024-1249 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
dhvakr
json-smart Uncontrolled Recursion vulnerabilty High
CVE-2023-1370 was published for net.minidev:json-smart (Maven) Mar 23, 2023
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
Duplicate Advisory: Denial of Service in JSON-Java High
GHSA-rm7j-f5g5-27vv was published for org.json:json (Maven) Oct 12, 2023 withdrawn
Astralidea
HTTP/2 HPACK integer overflow and buffer allocation High
CVE-2023-36478 was published for org.eclipse.jetty.http2:http2-hpack (Maven) Oct 10, 2023
samalws-tob kaoudis
smichaels-tob joakime
Out of bounds read in json-smart High
CVE-2021-31684 was published for net.minidev:json-smart (Maven) Feb 10, 2022
afdesk
Server Side Request Forgery in Apache Axis High
CVE-2019-0227 was published for axis:axis (Maven) May 14, 2019
ebickle
quarkus-core leaks local environment variables from Quarkus namespace during application's build High
CVE-2024-2700 was published for io.quarkus:quarkus-core (Maven) Apr 4, 2024
bschuhmann
Undertow's url-encoded request path information can be broken on ajp-listener High
CVE-2024-6162 was published for io.undertow:undertow-core (Maven) Jun 20, 2024
Keycloak path transversal vulnerability in redirection validation High
CVE-2024-1132 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log High
CVE-2023-6236 was published for org.wildfly.security:wildfly-elytron-http-oidc (Maven) Apr 10, 2024
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko reva
YukiInu fnxpt schmidt-fu tolmaidis LukaszGrzesik
htmlcleaner vulnerable to stack exhaustion High
CVE-2023-34624 was published for net.sourceforge.htmlcleaner:htmlcleaner (Maven) Jun 14, 2023
onmyquest
Spring-boot-admin sandbox bypass via crafted HTML High
CVE-2023-38286 was published for de.codecentric:spring-boot-admin-server (Maven) Jul 14, 2023
ymuraki-csc danielfernandez
Subrhamanya
Apache Submarine Server Core has a SQL Injection Vulnerability High
CVE-2024-36263 was published for org.apache.submarine:submarine-server-core (Maven) Jun 12, 2024
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
ProTip! Advisories are also available from the GraphQL API