Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,318
Erlang
31
GitHub Actions
21
Go
2,074
Maven
5,000+
npm
3,746
NuGet
674
pip
3,434
Pub
12
RubyGems
892
Rust
880
Swift
37
Unreviewed advisories
All unreviewed
5,000+

2,456 advisories

Loading
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data Moderate
GHSA-jcgg-mg9g-p9wf was published for org.keycloak:keycloak-quarkus-server (Maven) Nov 25, 2024 withdrawn
Searching Opencast may cause a denial of service Moderate
CVE-2024-52797 was published for org.opencastproject:opencast-elasticsearch-impl (Maven) Nov 20, 2024
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
Apache Tomcat - XSS in generated JSPs Moderate
CVE-2024-52318 was published for org.apache.tomcat:tomcat-jasper (Maven) Nov 18, 2024
Apache Tomcat Request and/or response mix-up Moderate
CVE-2024-52317 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 18, 2024
Spring MVC controller vulnerable to a DoS attack Moderate
CVE-2024-38828 was published for org.springframework:spring-webmvc (Maven) Nov 18, 2024
ayamburg-panw Louis-Jones-Evri
Debezium database connector has a script injection vulnerability Moderate
CVE-2023-1419 was published for io.debezium:debezium-connector-mysql (Maven) Nov 17, 2024
FitNesse Path Traversal Moderate
CVE-2024-42499 was published for org.fitnesse:fitnesse (Maven) Nov 15, 2024
FitNesse Cross-site scripting Moderate
CVE-2024-39610 was published for org.fitnesse:fitnesse (Maven) Nov 15, 2024
Missing permission check in Jenkins Script Security Plugin Moderate
CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024
Denial of Service attack on windows app using netty Moderate
CVE-2024-47535 was published for io.netty:netty-common (Maven) Nov 12, 2024
Amossys-PGR AB-xdev
irene221b
Undertow Denial of Service vulnerability Moderate
CVE-2023-1973 was published for io.undertow:undertow-core (Maven) Nov 7, 2024
hibernate-validator Cross-site Scripting vulnerability Moderate
CVE-2023-1932 was published for org.hibernate.validator:hibernate-validator (Maven) Nov 7, 2024
Snowflake JDBC Security Advisory Moderate
CVE-2024-43382 was published for net.snowflake:snowflake-jdbc (Maven) Oct 30, 2024
Apache NiFi Cross-site Scripting vulnerability Moderate
CVE-2024-45477 was published for org.apache.nifi:nifi-web-ui (Maven) Oct 29, 2024
exceptionfactory
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE) Moderate
GHSA-mpcw-3j5p-p99x was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project Moderate
CVE-2024-47882 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
Apache Syncope: Stored XSS in Console and Enduser Moderate
CVE-2024-45031 was published for org.apache.syncope.client:syncope-client-console (Maven) Oct 24, 2024
Spring Framework DataBinder Case Sensitive Match Exception Moderate
CVE-2024-38820 was published for org.springframework:spring-context (Maven) Oct 18, 2024
jw123023
JetBrains Ktor information disclosure Moderate
CVE-2024-49580 was published for io.ktor:ktor-client-core-jvm (Maven) Oct 17, 2024
AlexeyTsvetkov
Eclipse Jetty URI parsing of invalid authority Moderate
CVE-2024-6763 was published for org.eclipse.jetty:jetty-http (Maven) Oct 14, 2024
zer0yu
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks Moderate
CVE-2024-8184 was published for org.eclipse.jetty:jetty-server (Maven) Oct 14, 2024
HRsGIT
Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity Moderate
CVE-2024-7318 was published for org.keycloak:keycloak-core (Maven) Oct 14, 2024
Chetven
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect Moderate
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database