GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
5,103 advisories
Filter by severity
Apache HugeGraph-Server: Command execution in gremlin
Critical
CVE-2024-27348
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
JADX file override vulnerability
Low
GHSA-hvp5-5x4f-33fq
was published
for
io.github.skylot:jadx-core
(Maven)
Apr 22, 2024
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Critical
CVE-2024-28253
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 23, 2024
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High
CVE-2024-28847
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
CVE-2024-28848
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service
Moderate
CVE-2024-1726
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Apr 25, 2024
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Low
CVE-2024-31573
was published
for
org.xmlunit:xmlunit-core
(Maven)
May 1, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context
High
CVE-2024-32114
was published
for
org.apache.activemq:apache-activemq
(Maven)
May 2, 2024
Wildfly vulnerable to denial of service
Moderate
CVE-2024-4029
was published
for
org.wildfly:wildfly-domain-http
(Maven)
May 2, 2024
Jenkins Git server Plugin does not perform a permission check
Moderate
CVE-2024-34146
was published
for
org.jenkins-ci.plugins:git-server
(Maven)
May 2, 2024
Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721
Moderate
CVE-2024-34148
was published
for
org.jenkins-ci.plugins:partial-release-manager
(Maven)
May 2, 2024
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
High
CVE-2024-34144
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
Jenkins Script Security Plugin sandbox bypass vulnerability
High
CVE-2024-34145
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
Apache Hive Code Injection vulnerability
Moderate
CVE-2023-35701
was published
for
org.apache.hive:hive-jdbc
(Maven)
May 3, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
CVE-2024-34447
was published
for
org.bouncycastle:bcprov-jdk12
(Maven)
May 3, 2024
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate
CVE-2024-4536
was published
for
org.eclipse.edc:connector-core
(Maven)
May 7, 2024
MS Basic Cross-site Scripting vulnerability
Moderate
CVE-2024-33748
was published
for
net.mingsoft:ms-basic
(Maven)
May 7, 2024
Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate
CVE-2024-34517
was published
for
org.neo4j:neo4j-cypher
(Maven)
May 7, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability
High
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
Genie Path Traversal vulnerability via File Uploads
Critical
CVE-2024-4701
was published
for
com.netflix.genie:genie-web
(Maven)
May 9, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API