GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,983 advisories
Filter by severity
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-5245
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Feb 24, 2020
BoringSSLAEADContext in Netty Repeats Nonces
Moderate
CVE-2024-36121
was published
for
io.netty.incubator:netty-incubator-codec-ohttp
(Maven)
Jun 5, 2024
Improper Neutralization of Input During Web Page Generation in Spring Framework
Moderate
CVE-2013-6430
was published
for
org.springframework:spring-web
(Maven)
May 5, 2022
Denial of Service in Spring Framework
High
CVE-2018-15756
was published
for
org.springframework:spring-core
(Maven)
Jun 15, 2020
Moderate severity vulnerability that affects org.apache.commons:commons-compress
Moderate
CVE-2018-11771
was published
for
org.apache.commons:commons-compress
(Maven)
Oct 19, 2018
Weak encryption in Ninja Core
Moderate
CVE-2024-36823
was published
for
org.ninjaframework:ninja-core
(Maven)
Jun 7, 2024
Spring Framework URL Parsing with Host Validation
High
CVE-2024-22262
was published
for
org.springframework:spring-web
(Maven)
Apr 16, 2024
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Duplicate Advisory: SQL injection in pgjdbc
Critical
GHSA-xfg6-62px-cxc2
was published
for
org.postgresql:postgresql
(Maven)
Feb 19, 2024
•
withdrawn
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
High
CVE-2024-22243
was published
for
org.springframework:spring-web
(Maven)
Feb 23, 2024
SSRF vulnerability using the Aegis DataBinding in Apache CXF
Moderate
CVE-2024-28752
was published
for
org.apache.cxf:cxf-core
(Maven)
Mar 15, 2024
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High
GHSA-69fp-7c8p-crjr
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 10, 2024
Jenkins Report Info Plugin Path Traversal vulnerability
Moderate
CVE-2024-5273
was published
for
org.jenkins-ci.plugins:report-info
(Maven)
May 24, 2024
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability
Moderate
CVE-2018-11770
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Improper Input Validation in Apache Spark
High
CVE-2018-11804
was published
for
org.apache.spark:spark-core
(Maven)
May 14, 2022
Keycloak DoS via account lockout
Low
CVE-2024-1722
was published
for
org.keycloak:keycloak-core
(Maven)
Feb 29, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Keycloak's improper input validation allows using email as username
Low
GHSA-4vc8-pg5c-vg4x
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Keycloak Denial of Service via account lockout
Low
GHSA-cq42-vhv7-xr7p
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 12, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Moderate
CVE-2024-23445
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 12, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
org.apache.submarine:submarine-commons-utils
(Maven)
Jun 12, 2024
Apache Submarine Server Core has a SQL Injection Vulnerability
High
CVE-2024-36263
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
ProTip!
Advisories are also available from the
GraphQL API