GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,361 advisories

Apache Zeppelin Path Traversal vulnerability Moderate
CVE-2024-31860 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service Moderate
CVE-2024-22871 was published for org.clojure:clojure (Maven) Feb 29, 2024
puredanger
Apache Hive Code Injection vulnerability Moderate
CVE-2023-35701 was published for org.apache.hive:hive-jdbc (Maven) May 3, 2024
oscerd
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure Moderate
CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024
codehaus-plexus vulnerable to XML injection Moderate
CVE-2022-4245 was published for org.codehaus.plexus:plexus-utils (Maven) Sep 25, 2023
Drools Core Deserialization of Untrusted Data vulnerability Moderate
CVE-2022-1415 was published for org.drools:drools-core (Maven) Sep 11, 2023
Jenkins Script Security Plugin sandbox bypass vulnerability Moderate
CVE-2024-34145 was published for org.jenkins-ci.plugins:script-security (Maven) May 2, 2024
Wildfly vulnerable to denial of service Moderate
CVE-2024-4029 was published for org.wildfly:wildfly-domain-http (Maven) May 2, 2024
Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721 Moderate
CVE-2024-34148 was published for org.jenkins-ci.plugins:partial-release-manager (Maven) May 2, 2024
Apache Zeppelin: Denial of service with invalid notebook name Moderate
CVE-2024-31862 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree Moderate
CVE-2024-29133 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() Moderate
CVE-2024-29131 was published for org.apache.commons:commons-configuration2 (Maven) Mar 21, 2024
oscerd
Cross-Site Request Forgery in Apache Wicket Moderate
CVE-2024-27439 was published for org.apache.wicket:wicket (Maven) Mar 19, 2024
Improper Input Validation vulnerability in Apache Hop Engine Moderate
CVE-2024-24683 was published for org.apache.hop:hop (Maven) Mar 19, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged Moderate
CVE-2023-50740 was published for org.apache.linkis:linkis (Maven) Mar 6, 2024
oscerd
Apache Zeppelin CSRF vulnerability in the Credentials page Moderate
CVE-2021-28656 was published for org.apache.zeppelin:zeppelin-web (Maven) Apr 9, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Moderate
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability Moderate
CVE-2024-31867 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE Moderate
CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) Apr 9, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check Moderate
CVE-2024-28159 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability Moderate
CVE-2024-2215 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024