GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,420 advisories
Filter by severity
Apache Zeppelin: Denial of service with invalid notebook name
Moderate
CVE-2024-31862
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate
CVE-2022-47894
was published
for
org.apache.zeppelin:sap
(Maven)
Apr 9, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Moderate
CVE-2024-31863
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin CSRF vulnerability in the Credentials page
Moderate
CVE-2021-28656
was published
for
org.apache.zeppelin:zeppelin-web
(Maven)
Apr 9, 2024
Apache Zeppelin Path Traversal vulnerability
Moderate
CVE-2024-31860
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate
CVE-2024-1300
was published
for
io.vertx:vertx-core
(Maven)
Apr 2, 2024
Withdrawn: JJWT improperly generates signing keys
Moderate
CVE-2024-31033
was published
for
io.jsonwebtoken:jjwt-impl
(Maven)
Apr 1, 2024
•
withdrawn
Bonita cross-site scripting vulnerability
Moderate
CVE-2024-27609
was published
for
org.bonitasoft.console:bonita-web-server
(Maven)
Apr 1, 2024
Elasticsearch Uncaught Exception leading to crash
Moderate
CVE-2024-23449
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 29, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Elasticsearch Uncontrolled Resource Consumption vulnerability
Moderate
CVE-2024-23450
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
Netty's HttpPostRequestDecoder can OOM
Moderate
CVE-2024-29025
was published
for
io.netty:netty-codec-http
(Maven)
Mar 25, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate
CVE-2024-29133
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
SQL injection in Folio Spring Module Core
Moderate
CVE-2022-4963
was published
for
org.folio:spring-module-core
(Maven)
Mar 21, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23821
was published
for
org.geoserver:gs-gwc
(Maven)
Mar 20, 2024
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23819
was published
for
org.geoserver.extension:gs-mapml
(Maven)
Mar 20, 2024
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23818
was published
for
org.geoserver:gs-wms
(Maven)
Mar 20, 2024
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23643
was published
for
org.geoserver:gs-gwc-rest
(Maven)
Mar 20, 2024
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23642
was published
for
org.geoserver:gs-wms
(Maven)
Mar 20, 2024
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Moderate
CVE-2024-23640
was published
for
org.geoserver:gs-main
(Maven)
Mar 20, 2024
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Moderate
CVE-2024-23634
was published
for
org.geoserver:gs-restconfig
(Maven)
Mar 20, 2024
ProTip!
Advisories are also available from the
GraphQL API