GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,665 advisories
Filter by severity
Connection leaking on idle timeout when TCP congested
High
CVE-2024-22201
was published
for
org.eclipse.jetty.http2:http2-common
(Maven)
Feb 26, 2024
Apache HugeGraph-Server: Bypass whitelist in Auth mode
High
CVE-2024-27349
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
High
CVE-2024-26580
was published
for
org.apache.inlong:manager-common
(Maven)
Mar 6, 2024
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28160
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28157
was published
for
org.jenkins-ci.plugins:gitbucket
(Maven)
Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
High
CVE-2024-28156
was published
for
org.jenkins-ci.plugins:build-monitor-plugin
(Maven)
Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
High
CVE-2024-28153
was published
for
org.jenkins-ci.plugins:dependency-check-jenkins-plugin
(Maven)
Mar 6, 2024
Jenkins HTML Publisher Plugin Stored XSS vulnerability
High
CVE-2024-28150
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input
High
CVE-2024-28149
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
High
CVE-2023-34062
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Nov 15, 2023
Apache Tomcat vulnerable to information leak
High
CVE-2023-34981
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 21, 2023
Apache Tomcat - Fix for CVE-2023-24998 was incomplete
High
CVE-2023-28709
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jul 6, 2023
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
CVE-2024-28848
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High
CVE-2024-28847
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
Apache Tomcat improperly escapes input from JsonErrorReportValve
High
CVE-2022-45143
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 3, 2023
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Keycloak code execution via UMA policy abuse
High
CVE-2019-10169
was published
for
org.keycloak:keycloak-authz-client
(Maven)
May 24, 2022
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
Command injection in org.apache.tika:tika-core
High
CVE-2018-1335
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Code execution in org.apache.storm:storm-core
High
CVE-2018-1331
was published
for
org.apache.storm:storm-core
(Maven)
Oct 17, 2018
Improper Authentication in Jenkins
High
CVE-2017-1000354
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
json stack overflow vulnerability
High
CVE-2022-45688
was published
for
cn.hutool:hutool-json
(Maven)
Dec 13, 2022
ProTip!
Advisories are also available from the
GraphQL API