Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,000
Erlang
29
GitHub Actions
16
Go
1,785
Maven
5,000+
npm
3,547
NuGet
621
pip
3,139
Pub
10
RubyGems
839
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,681 advisories

Loading
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying High
CVE-2024-27894 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification High
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution High
CVE-2024-27135 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
Connection leaking on idle timeout when TCP congested High
CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024
luffy1949
Apache HugeGraph-Server: Bypass whitelist in Auth mode High
CVE-2024-27349 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability High
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28160 was published for org.jenkins-ci.plugins:icescrum (Maven) Mar 6, 2024
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28157 was published for org.jenkins-ci.plugins:gitbucket (Maven) Mar 6, 2024
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting High
CVE-2024-28156 was published for org.jenkins-ci.plugins:build-monitor-plugin (Maven) Mar 6, 2024
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability High
CVE-2024-28153 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) Mar 6, 2024
Jenkins HTML Publisher Plugin Stored XSS vulnerability High
CVE-2024-28150 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Mar 6, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input High
CVE-2024-28149 was published for org.jenkins-ci.plugins:htmlpublisher (Maven) Mar 6, 2024
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack High
CVE-2023-34062 was published for io.projectreactor.netty:reactor-netty-http (Maven) Nov 15, 2023
mpihelgas
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
sunSUNQ westonsteimel
Apache Tomcat - Fix for CVE-2023-24998 was incomplete High
CVE-2023-28709 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 6, 2023
westonsteimel
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`) High
CVE-2024-28848 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) High
CVE-2024-28847 was published for org.open-metadata:openmetadata-service (Maven) Apr 24, 2024
pwntester
Apache Tomcat improperly escapes input from JsonErrorReportValve High
CVE-2022-45143 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 3, 2023
westonsteimel
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Keycloak code execution via UMA policy abuse High
CVE-2019-10169 was published for org.keycloak:keycloak-authz-client (Maven) May 24, 2022
Ant Media Server vulnerable to a local privilege escalation High
CVE-2024-32656 was published for io.antmedia:ant-media-server (Maven) Apr 22, 2024
UNC1739
Command injection in org.apache.tika:tika-core High
CVE-2018-1335 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Code execution in org.apache.storm:storm-core High
CVE-2018-1331 was published for org.apache.storm:storm-core (Maven) Oct 17, 2018
Improper Authentication in Jenkins High
CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
ProTip! Advisories are also available from the GraphQL API