GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
4,963 advisories
Apache Pulsar: Improper Authorization For Topic-Level Policy Management (Moderate)
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) on Mar 12, 2024

Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification (High)
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) on Mar 12, 2024

Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint (High)
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) on Mar 12, 2024

Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution (High)
CVE-2024-27135 was published for org.apache.pulsar:pulsar-functions-worker (Maven) on Mar 12, 2024

In Quarkus, git credentials could be inadvertently published (Low)
CVE-2024-1979 was published for io.quarkus:quarkus-kubernetes-deployment (Maven) on Mar 13, 2024

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests (Moderate)
CVE-2024-24549 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Mar 13, 2024

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat (Moderate)
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) on Mar 13, 2024

Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling (Moderate)
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) on Mar 15, 2024

SSRF vulnerability using the Aegis DataBinding in Apache CXF (Moderate)
CVE-2024-28752 was published for org.apache.cxf:cxf-core (Maven) on Mar 15, 2024

Spring Framework URL Parsing with Host Validation Vulnerability (High)
CVE-2024-22259 was published for org.springframework:spring-web (Maven) on Mar 16, 2024

Erroneous authentication pass in Spring Security (High)
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) on Mar 18, 2024

Path traversal in flaskcode Devan-Kerman ARRP (High)
CVE-2024-24042 was published for net.devtech:arrp (Maven) on Mar 19, 2024

Improper Input Validation vulnerability in Apache Hop Engine (Moderate)
CVE-2024-24683 was published for org.apache.hop:hop (Maven) on Mar 19, 2024

Cross-Site Request Forgery in Apache Wicket (Moderate)
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) on Mar 19, 2024

GeoServer log file path traversal vulnerability (High)
CVE-2023-41877 was published for org.geoserver:gs-main (Maven) on Mar 20, 2024

Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API (High)
CVE-2023-51444 was published for org.geoserver:gs-platform (Maven) on Mar 20, 2024

Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API (Moderate)
CVE-2023-51445 was published for org.geoserver:gs-restconfig (Maven) on Mar 20, 2024

GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API (Moderate)
CVE-2024-23634 was published for org.geoserver:gs-restconfig (Maven) on Mar 20, 2024

GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS) (Moderate)
CVE-2024-23640 was published for org.geoserver:gs-main (Maven) on Mar 20, 2024

GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) (Moderate)
CVE-2024-23642 was published for org.geoserver:gs-wms (Maven) on Mar 20, 2024

GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS) (Moderate)
CVE-2024-23643 was published for org.geoserver:gs-gwc-rest (Maven) on Mar 20, 2024

GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) (Moderate)
CVE-2024-23818 was published for org.geoserver:gs-wms (Maven) on Mar 20, 2024

GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS) (Moderate)
CVE-2024-23819 was published for org.geoserver.extension:gs-mapml (Maven) on Mar 20, 2024

GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) (Moderate)
CVE-2024-23821 was published for org.geoserver:gs-gwc (Maven) on Mar 20, 2024

Improper Authentication in Spring Authorization Server (Moderate)
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) on Mar 20, 2024