Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,398 advisories

Signature forgery in Spring Boot's Loader Moderate
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Spring Framework vulnerable to Denial of Service Moderate
CVE-2024-38808 was published for org.springframework:spring-expression (Maven) Aug 20, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access Moderate
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
CometVisu Backend for openHAB has a path traversal vulnerability Moderate
CVE-2024-42468 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p- peuter
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
Alpine allows Authentication Filter bypass Moderate
CVE-2022-23554 was published for us.springett:alpine (Maven) Aug 5, 2024
Apache Linkis arbitrary file deletion vulnerability Moderate
CVE-2024-27182 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Apache Linkis vulnerable to privilege escalation Moderate
CVE-2024-27181 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader Moderate
CVE-2024-37900 was published for org.xwiki.platform:xwiki-platform-web-war (Maven) Jul 31, 2024
RoboGR00t
XWiki Platform vulnerable to document deletion and overwrite from edit Moderate
CVE-2024-37898 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 31, 2024
Elasticsearch Insertion of Sensitive Information into Log File Moderate
CVE-2023-49921 was published for org.elasticsearch:elasticsearch (Maven) Jul 26, 2024
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill Moderate
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks Moderate
GHSA-crjg-w57m-rqqf was published for dnsjava:dnsjava (Maven) Jul 22, 2024
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources Moderate
GHSA-mmwx-rj87-vfgr was published for dnsjava:dnsjava (Maven) Jul 22, 2024
Apache Syncope Improper Input Validation vulnerability Moderate
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data Moderate
CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024
oscerd
Apache CXF Denial of Service vulnerability in JOSE Moderate
CVE-2024-32007 was published for org.apache.cxf:cxf-rt-rs-security-jose (Maven) Jul 19, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter Moderate
CVE-2024-29736 was published for org.apache.cxf:cxf-rt-rs-service-description (Maven) Jul 19, 2024
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources Moderate
CVE-2024-39900 was published for org.opensearch.plugin:opensearch-reports-scheduler (Maven) Jul 18, 2024
Apache StreamPipes potentially allows creation of multiple identical accounts Moderate
CVE-2024-30471 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API