GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,969
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,969 advisories
Filter by severity
Arbitrary code execution in Apache Commons BeanUtils
High
CVE-2014-0114
was published
for
commons-beanutils:commons-beanutils
(Maven)
Jun 10, 2020
Jberet: jberet-core logging database credentials
Moderate
CVE-2024-1102
was published
for
org.jberet:jberet-core
(Maven)
Apr 25, 2024
WildFly Elytron: SSRF security issue
High
CVE-2024-1233
was published
for
org.wildfly.security:wildfly-elytron-realm-token
(Maven)
Apr 9, 2024
Silverpeas authentication bypass
High
CVE-2024-36042
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
Jun 3, 2024
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash
Moderate
CVE-2024-36124
was published
for
org.iq80.snappy:snappy
(Maven)
Jun 4, 2024
MyBatis-Plus vulnerable to SQL injection via TenantPlugin
Critical
CVE-2023-25330
was published
for
com.baomidou:mybatis-plus
(Maven)
Apr 5, 2023
Microsoft Common Data Model SDK Denial of Service Vulnerability
Moderate
CVE-2023-36566
was published
for
Microsoft.CommonDataModel.ObjectModel
(Maven)
Oct 10, 2023
Decompressors can crash the JVM and leak memory content in Aircompressor
High
CVE-2024-36114
was published
for
io.airlift:aircompressor
(Maven)
Jun 2, 2024
CSRF vulnerability in Jenkins Nomad Plugin allow SSRF
Moderate
CVE-2019-10292
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Missing permission check in Jenkins Kmap Plugin allow SSRF
Moderate
CVE-2019-10293
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
OpenCMS Cross-Site Scripting vulnerability
Moderate
CVE-2024-5520
was published
for
org.opencms:opencms-core
(Maven)
May 30, 2024
Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
Moderate
CVE-2019-10374
was published
for
org.jenkins-ci.plugins:pegdown-formatter
(Maven)
May 24, 2022
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
High
CVE-2019-10337
was published
for
org.jenkins-ci.plugins:token-macro
(Maven)
May 24, 2022
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-49673
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Moderate
CVE-2023-49674
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
OpenAPI Generator Online - Arbitrary File Read/Delete
High
CVE-2024-35219
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 28, 2024
json-path Out-of-bounds Write vulnerability
Moderate
CVE-2023-51074
was published
for
com.jayway.jsonpath:json-path
(Maven)
Dec 27, 2023
Improper escaping in Apache Zeppelin
Moderate
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Soot Infinite Loop vulnerability
High
CVE-2023-46442
was published
for
org.soot-oss:soot
(Maven)
May 24, 2024
Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
Critical
CVE-2023-20873
was published
for
org.springframework.boot:spring-boot-actuator-autoconfigure
(Maven)
Apr 20, 2023
Kwik does not discard unused encryption keys
Moderate
CVE-2024-22588
was published
for
tech.kwik:kwik
(Maven)
May 24, 2024
Path Traversal in Apache Flink
High
CVE-2020-17519
was published
for
org.apache.flink:flink-runtime_2.11
(Maven)
Jan 6, 2021
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API