GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,377 advisories

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel
Stored Cross Site Scripting in beetl-bbs Moderate
CVE-2024-22491 was published for com.ibeetl:beetl (Maven) Jan 16, 2024
Apache Solr allows read access to host environment variables Moderate
CVE-2023-50290 was published for org.apache.solr:solr-core (Maven) Jan 15, 2024
Apache Shiro vulnerable to path traversal Moderate
CVE-2023-46749 was published for org.apache.shiro:shiro-core (Maven) Jan 15, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22493 was published for com.jfinal:jfinal (Maven) Jan 12, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22492 was published for com.jfinal:jfinal (Maven) Jan 12, 2024
Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability Moderate
CVE-2023-6148 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability Moderate
CVE-2023-6147 was published for com.qualys.plugins:qualys-pc (Maven) Jan 9, 2024
Qualys Jenkins Plugin for WAS XML External Entity vulnerability Moderate
CVE-2023-6149 was published for com.qualys.plugins:qualys-was (Maven) Jan 9, 2024
IPAddress Infinite Loop vulnerability (Disputed) Moderate
CVE-2023-50570 was published for com.github.seancfoley:ipaddress (Maven) Dec 29, 2023 withdrawn
mike-jumper
JLine vulnerable to out of memory error Moderate
CVE-2023-50572 was published for org.jline:jline-parent (Maven) Dec 29, 2023
ShifuML shifu code injection vulnerability Moderate
CVE-2023-7148 was published for ml.shifu:shifu (Maven) Dec 29, 2023
json-path Out-of-bounds Write vulnerability Moderate
CVE-2023-51074 was published for com.jayway.jsonpath:json-path (Maven) Dec 27, 2023
phrabec SunBK201
mvel2 TimeOut error exists in the ParseTools.subCompileExpression method Moderate
CVE-2023-51079 was published for org.mvel:mvel2 (Maven) Dec 27, 2023
OpenCRX Cross-site Scripting vulnerability Moderate
CVE-2023-27150 was published for org.opencrx:opencrx-core (Maven) Dec 26, 2023
WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability Moderate
CVE-2023-6911 was published for org.wso2.carbon.registry:carbon-registry (Maven) Dec 22, 2023
Grails data binding causes JVM crash and/or other denial of service Moderate
CVE-2023-46131 was published for org.grails:grails-databinding (Maven) Dec 20, 2023
Keycloak Open Redirect vulnerability Moderate
CVE-2023-6927 was published for org.keycloak:keycloak-parent (Maven) Dec 19, 2023
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
CVE-2023-6134 was published for org.keycloak:keycloak-services (Maven) Dec 18, 2023
lauritzh
Xnx3 Wangmarket Cross-Site Scripting vulnerability Moderate
CVE-2023-6886 was published for com.xnx3.wangmarket:wangmarket (Maven) Dec 17, 2023
Solr search discloses email addresses of users Moderate
CVE-2023-50720 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability Moderate
CVE-2023-30867 was published for org.apache.streampark:streampark (Maven) Dec 15, 2023
WSO2 API Manager allows attackers to change the API rating Moderate
CVE-2023-6835 was published for org.wso2.carbon.apimgt:forum (Maven) Dec 15, 2023
WSO2 products vulnerable to XML External Entity attack Moderate
CVE-2023-6836 was published for org.wso2.am:wso2am (Maven) Dec 15, 2023
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
GHSA-5968-qw33-h47j was published for org.keycloak:keycloak-services (Maven) Dec 15, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API