GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35
Unreviewed advisories: All unreviewed 5,000+
5,100 advisories (filter by severity)
quarkus-core leaks local environment variables from Quarkus namespace during application's build (High): CVE-2024-2700 was published for io.quarkus:quarkus-core (Maven) on Apr 4, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers (Moderate): CVE-2024-1300 was published for io.vertx:vertx-core (Maven) on Apr 2, 2024
Keycloak path traversal vulnerability in redirection validation (High): CVE-2024-1132 was published for org.keycloak:keycloak-services (Maven) on Apr 17, 2024
Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) (High): GHSA-4vrx-8phj-x3mg was published for org.keycloak:keycloak-services (Maven) on Jun 3, 2024; withdrawn
Apache NiFi vulnerable to Cross-site Scripting (Moderate): CVE-2024-37389 was published for org.apache.nifi:nifi-web-ui (Maven) on Jul 8, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) (High): CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) on Jun 10, 2024
XWiki Platform vulnerable to document deletion and overwrite from edit (Moderate): CVE-2024-37898 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Jul 31, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution (Critical): CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) on Jul 31, 2024
Elasticsearch stores private key on disk unencrypted (Moderate): CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) on Jul 31, 2024
H2O vulnerable to Deserialization of Untrusted Data (High): CVE-2024-6960 was published for ai.h2o:h2o-core (Maven) on Jul 21, 2024
Bootstrap Vulnerable to Cross-Site Scripting (Moderate): CVE-2019-8331 was published for Bootstrap.Less (RubyGems) on Feb 22, 2019
Bootstrap Cross-site Scripting vulnerability (Moderate): CVE-2018-14041 was published for bootstrap (RubyGems) on Sep 13, 2018
Apache Isis webconsole module may directly query the database in prototype mode (Moderate): CVE-2022-42467 was published for org.apache.isis.core:isis-core (Maven) on Oct 19, 2022
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation (Critical): CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) on Jun 24, 2024
Cross site scripting in Apache JSPWiki (Moderate): CVE-2024-27136 was published for org.apache.jspwiki:jspwiki-main (Maven) on Jun 24, 2024
Apache Jena vulnerable to Deserialization of Untrusted Data (Critical): CVE-2022-45136 was published for org.apache.jena:jena-sdb (Maven) on Nov 14, 2022
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService (Critical): CVE-2023-40743 was published for axis:axis (Maven) on Sep 5, 2023
Apache Hadoop allows local user to gain root privileges (High): CVE-2023-26031 was published for org.apache.hadoop:hadoop-yarn-project (Maven) on Nov 16, 2023
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability (Moderate): CVE-2023-49673 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) on Nov 29, 2023
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users (High): CVE-2024-23320 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) on Feb 23, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability (Critical): CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) on Mar 6, 2024
Apache Linkis vulnerable to privilege escalation (Moderate): CVE-2024-27181 was published for org.apache.linkis:linkis (Maven) on Aug 2, 2024
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor (Moderate): CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) on Dec 6, 2023
Authorization bypass in Quarkus (High): CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) on Dec 9, 2023
Apache Archiva Incorrect Authorization vulnerability (High): CVE-2024-27139 was published for org.apache.archiva:archiva (Maven) on Mar 1, 2024
ProTip! Advisories are also available from the GraphQL API.