GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,978 advisories
Filter by severity
Apache Submarine Server Core has a SQL Injection Vulnerability
High
CVE-2024-36263
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
org.apache.submarine:submarine-server-core
(Maven)
Jun 12, 2024
Spring-boot-admin sandbox bypass via crafted HTML
High
CVE-2023-38286
was published
for
de.codecentric:spring-boot-admin-server
(Maven)
Jul 14, 2023
Integer overflow in BCrypt class in Spring Security
Moderate
CVE-2022-22976
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Elasticsearch StackOverflow vulnerability
Moderate
CVE-2024-37280
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 13, 2024
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
CVE-2024-30172
was published
for
BouncyCastle
(Maven)
May 14, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
CVE-2024-34447
was published
for
org.bouncycastle:bcprov-jdk12
(Maven)
May 3, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
htmlcleaner vulnerable to stack exhaustion
High
CVE-2023-34624
was published
for
net.sourceforge.htmlcleaner:htmlcleaner
(Maven)
Jun 14, 2023
Spring Framework server Web DoS Vulnerability
High
CVE-2024-22233
was published
for
org.springframework:spring-core
(Maven)
Jan 22, 2024
SonarQube logs sensitive information
Moderate
CVE-2024-38460
was published
for
org.sonarsource.sonarqube:sonar-web
(Maven)
Jun 16, 2024
DeepJavaLibrary API absolute path traversal
Critical
CVE-2024-37902
was published
for
ai.djl:api
(Maven)
Jun 17, 2024
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
High
CVE-2023-6236
was published
for
org.wildfly.security:wildfly-elytron-http-oidc
(Maven)
Apr 10, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
Keycloak path transversal vulnerability in redirection validation
High
CVE-2024-1132
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
Undertow's url-encoded request path information can be broken on ajp-listener
High
CVE-2024-6162
was published
for
io.undertow:undertow-core
(Maven)
Jun 20, 2024
quarkus-core leaks local environment variables from Quarkus namespace during application's build
High
CVE-2024-2700
was published
for
io.quarkus:quarkus-core
(Maven)
Apr 4, 2024
XWiki Platform allows remote code execution from user account
Critical
CVE-2024-37899
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 20, 2024
ClassGraph XML External Entity Reference
Moderate
CVE-2021-47621
was published
for
io.github.classgraph:classgraph
(Maven)
Jun 21, 2024
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials
Low
GHSA-gmrm-8fx4-66x7
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 18, 2024
•
withdrawn
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Low
CVE-2024-5967
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jun 21, 2024
Server Side Request Forgery in Apache Axis
High
CVE-2019-0227
was published
for
axis:axis
(Maven)
May 14, 2019
ProTip!
Advisories are also available from the
GraphQL API