GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,664 advisories
Filter by severity
Spring Framework server Web DoS Vulnerability
High
CVE-2024-22233
was published
for
org.springframework:spring-core
(Maven)
Jan 22, 2024
Exposure of sensitive information in ClickHouse
High
CVE-2024-23689
was published
for
com.clickhouse:clickhouse-client
(Maven)
Jan 19, 2024
Inefficient Algorithmic Complexity in com.upokecenter:cbor
High
CVE-2024-23684
was published
for
com.upokecenter:cbor
(Maven)
Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23682
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23683
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Sandbox escape in Artemis Java Test Sandbox
High
CVE-2024-23681
was published
for
de.tum.in.ase:artemis-java-test-sandbox
(Maven)
Jan 19, 2024
Code injection in mingSoft MCMS
High
CVE-2023-51282
was published
for
net.mingsoft:ms-mcms
(Maven)
Jan 16, 2024
XWiki vulnerable to Denial of Service attack through attachments
High
CVE-2024-21651
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Jan 8, 2024
XWiki has no right protection on rollback action
High
CVE-2024-21648
was published
for
org.xwiki.platform:xwiki-platform
(Maven)
Jan 8, 2024
Apache Axis Improper Input Validation vulnerability
High
CVE-2023-51441
was published
for
axis:axis
(Maven)
Jan 6, 2024
Ion Java StackOverflow vulnerability
High
CVE-2024-21634
was published
for
com.amazon.ion:ion-java
(Maven)
Jan 3, 2024
Apache InLong Manager Arbitrary File Read Vulnerability
High
CVE-2023-51785
was published
for
org.apache.inlong:manager-pojo
(Maven)
Jan 3, 2024
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
High
CVE-2023-49299
was published
for
org.apache.dolphinscheduler:dolphinscheduler-master
(Maven)
Dec 30, 2023
Mingsoft MCMS SQL injection
High
CVE-2023-50578
was published
for
net.mingsoft:ms-mcms
(Maven)
Dec 30, 2023
easy-rules-mvel vulnerable to remote code execution
High
CVE-2023-50571
was published
for
org.jeasy:easy-rules-mvel
(Maven)
Dec 29, 2023
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
High
CVE-2023-51075
was published
for
cn.hutool:hutool-core
(Maven)
Dec 27, 2023
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
High
CVE-2023-51080
was published
for
cn.hutool:hutool-core
(Maven)
Dec 27, 2023
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
High
CVE-2023-6291
was published
for
org.keycloak:keycloak-services
(Maven)
Dec 21, 2023
Apache IoTDB: Unsafe deserialize map in Sync Tool
High
CVE-2023-51656
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Dec 21, 2023
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
High
CVE-2023-37544
was published
for
org.apache.pulsar:pulsar-websocket
(Maven)
Dec 20, 2023
Velocity execution without script right through tree macro
High
CVE-2023-50732
was published
for
org.xwiki.platform:xwiki-platform-index-tree-macro
(Maven)
Dec 19, 2023
Grackle has StackOverflowError in GraphQL query processing
High
CVE-2023-50730
was published
for
edu.gemini:gsp-graphql-core_2.13
(Maven)
Dec 18, 2023
Solr search discloses password hashes of all users
High
CVE-2023-50719
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning
High
CVE-2023-6837
was published
for
org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework
(Maven)
Dec 15, 2023
Bypass serialize checks in Apache Dubbo
High
CVE-2023-29234
was published
for
org.apache.dubbo:dubbo
(Maven)
Dec 15, 2023
ProTip!
Advisories are also available from the
GraphQL API