GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,361 advisories
Filter by severity
Grails data binding causes JVM crash and/or other denial of service
Moderate
CVE-2023-46131
was published
for
org.grails:grails-databinding
(Maven)
Dec 20, 2023
Keycloak Open Redirect vulnerability
Moderate
CVE-2023-6927
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 19, 2023
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Moderate
CVE-2023-6134
was published
for
org.keycloak:keycloak-services
(Maven)
Dec 18, 2023
Xnx3 Wangmarket Cross-Site Scripting vulnerability
Moderate
CVE-2023-6886
was published
for
com.xnx3.wangmarket:wangmarket
(Maven)
Dec 17, 2023
Solr search discloses email addresses of users
Moderate
CVE-2023-50720
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability
Moderate
CVE-2023-30867
was published
for
org.apache.streampark:streampark
(Maven)
Dec 15, 2023
WSO2 products vulnerable to XML External Entity attack
Moderate
CVE-2023-6836
was published
for
org.wso2.am:wso2am
(Maven)
Dec 15, 2023
WSO2 API Manager allows attackers to change the API rating
Moderate
CVE-2023-6835
was published
for
org.wso2.carbon.apimgt:forum
(Maven)
Dec 15, 2023
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Moderate
GHSA-5968-qw33-h47j
was published
for
org.keycloak:keycloak-services
(Maven)
Dec 15, 2023
•
withdrawn
Cross-site Scripting in JFinalcms
Moderate
CVE-2023-50102
was published
for
com.jfinal:jfinal
(Maven)
Dec 14, 2023
Cross-site Scripting in JFinalcms
Moderate
CVE-2023-50100
was published
for
com.jfinal:jfinal
(Maven)
Dec 14, 2023
Cross-site Scripting in JFinalcms
Moderate
CVE-2023-50101
was published
for
com.jfinal:jfinal
(Maven)
Dec 14, 2023
Cross-site Scripting in JFinalcms
Moderate
CVE-2023-50137
was published
for
com.jfinal:jfinal
(Maven)
Dec 14, 2023
Open redirect in Apache Shiro
Moderate
CVE-2023-46750
was published
for
org.apache.shiro:shiro-web
(Maven)
Dec 14, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin
Moderate
CVE-2023-50776
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check
Moderate
CVE-2023-50769
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50773
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin
Moderate
CVE-2023-50778
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin
Moderate
CVE-2023-50777
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50772
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin
Moderate
CVE-2023-50779
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50771
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Moderate
CVE-2023-50768
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2023-50775
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Dec 13, 2023
ProTip!
Advisories are also available from the
GraphQL API