GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,544
NuGet
619
pip
3,128
Pub
10
RubyGems
838
Rust
791
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,676 advisories
Filter by severity
Liferay Portal vulnerable to user impersonation
High
CVE-2024-25148
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
High
CVE-2024-24824
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
Apache Sling Servlets Resolver executes malicious code via path traversal
High
CVE-2024-23673
was published
for
org.apache.sling:org.apache.sling.servlets.resolver
(Maven)
Feb 6, 2024
mingSoft MCMS File Upload vulnerability
High
CVE-2024-22567
was published
for
net.mingsoft:ms-mcms
(Maven)
Feb 5, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
io.crate:crate
(Maven)
Jan 30, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
High
CVE-2023-6267
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Jan 25, 2024
Arbitrary file read vulnerability in Jenkins Log Command Plugin
High
CVE-2024-23904
was published
for
org.jenkins-ci.plugins:log-command
(Maven)
Jan 24, 2024
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
High
CVE-2024-23905
was published
for
io.jenkins.plugins:redhat-dependency-analytics
(Maven)
Jan 24, 2024
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
High
CVE-2024-23899
was published
for
org.jenkins-ci.plugins:git-server
(Maven)
Jan 24, 2024
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
High
CVE-2024-23898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Spring Framework server Web DoS Vulnerability
High
CVE-2024-22233
was published
for
org.springframework:spring-core
(Maven)
Jan 22, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23682
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Inefficient Algorithmic Complexity in com.upokecenter:cbor
High
CVE-2024-23684
was published
for
com.upokecenter:cbor
(Maven)
Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Exposure of sensitive information in ClickHouse
High
CVE-2024-23689
was published
for
com.clickhouse:clickhouse-client
(Maven)
Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23683
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Code injection in mingSoft MCMS
High
CVE-2023-51282
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 16, 2024
XWiki vulnerable to Denial of Service attack through attachments
High
CVE-2024-21651
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Jan 8, 2024
XWiki has no right protection on rollback action
High
CVE-2024-21648
was published
for
org.xwiki.platform:xwiki-platform
(Maven)
Jan 8, 2024
Apache Axis Improper Input Validation vulnerability
High
CVE-2023-51441
was published
for
axis:axis
(Maven)
Jan 6, 2024
Ion Java StackOverflow vulnerability
High
CVE-2024-21634
was published
for
com.amazon.ion:ion-java
(Maven)
Jan 3, 2024
Apache InLong Manager Arbitrary File Read Vulnerability
High
CVE-2023-51785
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
High
CVE-2023-49299
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Dec 30, 2023
ProTip!
Advisories are also available from the
GraphQL API