Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,664 advisories

Loading
Spring Framework server Web DoS Vulnerability High
CVE-2024-22233 was published for org.springframework:spring-core (Maven) Jan 22, 2024
aruneko reva
YukiInu fnxpt schmidt-fu tolmaidis LukaszGrzesik
Exposure of sensitive information in ClickHouse High
CVE-2024-23689 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024
Inefficient Algorithmic Complexity in com.upokecenter:cbor High
CVE-2024-23684 was published for com.upokecenter:cbor (Maven) Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23683 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024
Code injection in mingSoft MCMS High
CVE-2023-51282 was published for net.mingsoft:ms-mcms (Maven) Jan 16, 2024
XWiki vulnerable to Denial of Service attack through attachments High
CVE-2024-21651 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jan 8, 2024
XWiki has no right protection on rollback action High
CVE-2024-21648 was published for org.xwiki.platform:xwiki-platform (Maven) Jan 8, 2024
Apache Axis Improper Input Validation vulnerability High
CVE-2023-51441 was published for axis:axis (Maven) Jan 6, 2024
ebickle
Ion Java StackOverflow vulnerability High
CVE-2024-21634 was published for com.amazon.ion:ion-java (Maven) Jan 3, 2024
ebickle
Apache InLong Manager Arbitrary File Read Vulnerability High
CVE-2023-51785 was published for org.apache.inlong:manager-pojo (Maven) Jan 3, 2024
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users High
CVE-2023-49299 was published for org.apache.dolphinscheduler:dolphinscheduler-master (Maven) Dec 30, 2023
Mingsoft MCMS SQL injection High
CVE-2023-50578 was published for net.mingsoft:ms-mcms (Maven) Dec 30, 2023
easy-rules-mvel vulnerable to remote code execution High
CVE-2023-50571 was published for org.jeasy:easy-rules-mvel (Maven) Dec 29, 2023
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function High
CVE-2023-51075 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method High
CVE-2023-51080 was published for cn.hutool:hutool-core (Maven) Dec 27, 2023
henrikplate
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted High
CVE-2023-6291 was published for org.keycloak:keycloak-services (Maven) Dec 21, 2023
Apache IoTDB: Unsafe deserialize map in Sync Tool High
CVE-2023-51656 was published for org.apache.iotdb:iotdb-parent (Maven) Dec 21, 2023
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
Velocity execution without script right through tree macro High
CVE-2023-50732 was published for org.xwiki.platform:xwiki-platform-index-tree-macro (Maven) Dec 19, 2023
Grackle has StackOverflowError in GraphQL query processing High
CVE-2023-50730 was published for edu.gemini:gsp-graphql-core_2.13 (Maven) Dec 18, 2023
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning High
CVE-2023-6837 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework (Maven) Dec 15, 2023
Bypass serialize checks in Apache Dubbo High
CVE-2023-29234 was published for org.apache.dubbo:dubbo (Maven) Dec 15, 2023
ProTip! Advisories are also available from the GraphQL API