Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,990
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,133
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

5,013 advisories

Loading
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
SQL injection in Folio Spring Module Core Moderate
CVE-2022-4963 was published for org.folio:spring-module-core (Maven) Mar 21, 2024
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree Moderate
CVE-2024-29133 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() Moderate
CVE-2024-29131 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd
XNIO denial of service vulnerability High
CVE-2023-5685 was published for org.jboss.xnio:xnio-api (Maven) Mar 22, 2024
grosario1
Netty's HttpPostRequestDecoder can OOM Moderate
CVE-2024-29025 was published for io.netty:netty-codec-http (Maven) Mar 25, 2024
vietj
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25421 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Eclipse Vert.x memory leak Moderate
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) Mar 27, 2024
marcelstoer
Elasticsearch Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-23450 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Elasticsearch Uncaught Exception leading to crash Moderate
CVE-2024-23449 was published for org.elasticsearch:elasticsearch (Maven) Mar 29, 2024
Bonita cross-site scripting vulnerability Moderate
CVE-2024-27609 was published for org.bonitasoft.console:bonita-web-server (Maven) Apr 1, 2024
Withdrawn: JJWT improperly generates signing keys Moderate
CVE-2024-31033 was published for io.jsonwebtoken:jjwt-impl (Maven) Apr 1, 2024 withdrawn
ebickle
Eclipse Vert.x vulnerable to a memory leak in TCP servers Moderate
CVE-2024-1300 was published for io.vertx:vertx-core (Maven) Apr 2, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd
quarkus-core leaks local environment variables from Quarkus namespace during application's build High
CVE-2024-2700 was published for io.quarkus:quarkus-core (Maven) Apr 4, 2024
bschuhmann
Xuxueli xxl-job template injection vulnerability Low
CVE-2024-3366 was published for com.xuxueli:xxl-job-core (Maven) Apr 6, 2024
WildFly Elytron: SSRF security issue High
CVE-2024-1233 was published for org.wildfly.security:wildfly-elytron-realm-token (Maven) Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability Moderate
CVE-2024-31860 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin CSRF vulnerability in the Credentials page Moderate
CVE-2021-28656 was published for org.apache.zeppelin:zeppelin-web (Maven) Apr 9, 2024
Apache Zeppelin: Denial of service with invalid notebook name Moderate
CVE-2024-31862 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Eclipse Kura LogServlet vulnerability High
CVE-2024-3046 was published for org.eclipse.kura:org.eclipse.kura.web2 (Maven) Apr 9, 2024
z3er01
ProTip! Advisories are also available from the GraphQL API