GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,992; Erlang 29; GitHub Actions 16; Go 1,782; Maven 5,000+; npm 3,544; NuGet 619; pip 3,134; Pub 10; RubyGems 838; Rust 795; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
2,377 advisories
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information (Moderate): CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Jan 19, 2024
Stored Cross Site Scripting in beetl-bbs (Moderate): CVE-2024-22491 was published for com.ibeetl:beetl (Maven), Jan 16, 2024
Apache Solr allows read access to host environment variables (Moderate): CVE-2023-50290 was published for org.apache.solr:solr-core (Maven), Jan 15, 2024
Apache Shiro vulnerable to path traversal (Moderate): CVE-2023-46749 was published for org.apache.shiro:shiro-core (Maven), Jan 15, 2024
Cross-site Scripting in JFinal (Moderate): CVE-2024-22493 was published for com.jfinal:jfinal (Maven), Jan 12, 2024
Cross-site Scripting in JFinal (Moderate): CVE-2024-22492 was published for com.jfinal:jfinal (Maven), Jan 12, 2024
Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability (Moderate): CVE-2023-6148 was published for com.qualys.plugins:qualys-pc (Maven), Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability (Moderate): CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven), Jan 9, 2024
Qualys Jenkins Plugin for WAS XML External Entity vulnerability (Moderate): CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven), Jan 9, 2024
IPAddress Infinite Loop vulnerability (Disputed) (Moderate): CVE-2023-50570 was published for com.github.seancfoley:ipaddress (Maven), Dec 29, 2023 (withdrawn)
JLine vulnerable to out of memory error (Moderate): CVE-2023-50572 was published for org.jline:jline-parent (Maven), Dec 29, 2023
ShifuML shifu code injection vulnerability (Moderate): CVE-2023-7148 was published for ml.shifu:shifu (Maven), Dec 29, 2023
json-path Out-of-bounds Write vulnerability (Moderate): CVE-2023-51074 was published for com.jayway.jsonpath:json-path (Maven), Dec 27, 2023
mvel2 TimeOut error exists in the ParseTools.subCompileExpression method (Moderate): CVE-2023-51079 was published for org.mvel:mvel2 (Maven), Dec 27, 2023
OpenCRX Cross-site Scripting vulnerability (Moderate): CVE-2023-27150 was published for org.opencrx:opencrx-core (Maven), Dec 26, 2023
WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability (Moderate): CVE-2023-6911 was published for org.wso2.carbon.registry:carbon-registry (Maven), Dec 22, 2023
Grails data binding causes JVM crash and/or other denial of service (Moderate): CVE-2023-46131 was published for org.grails:grails-databinding (Maven), Dec 20, 2023
Keycloak Open Redirect vulnerability (Moderate): CVE-2023-6927 was published for org.keycloak:keycloak-parent (Maven), Dec 19, 2023
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri (Moderate): CVE-2023-6134 was published for org.keycloak:keycloak-services (Maven), Dec 18, 2023
Xnx3 Wangmarket Cross-Site Scripting vulnerability (Moderate): CVE-2023-6886 was published for com.xnx3.wangmarket:wangmarket (Maven), Dec 17, 2023
Solr search discloses email addresses of users (Moderate): CVE-2023-50720 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven), Dec 16, 2023
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability (Moderate): CVE-2023-30867 was published for org.apache.streampark:streampark (Maven), Dec 15, 2023
WSO2 API Manager allows attackers to change the API rating (Moderate): CVE-2023-6835 was published for org.wso2.carbon.apimgt:forum (Maven), Dec 15, 2023
WSO2 products vulnerable to XML External Entity attack (Moderate): CVE-2023-6836 was published for org.wso2.am:wso2am (Maven), Dec 15, 2023
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri (Moderate): GHSA-5968-qw33-h47j was published for org.keycloak:keycloak-services (Maven), Dec 15, 2023 (withdrawn)